Aggregator

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php. The manipulation of the argument fromdate leads to sql injection. This vulnerability is handled as CVE-2025-2736. The attack may be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-services.php. The manipulation of the argument sertitle leads to sql injection. This vulnerability is known as CVE-2025-2735. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. This vulnerability is traded as CVE-2025-2734. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #524733 / VDB-300762

Submit #523400 / VDB-300761

Submit #522931 / VDB-300760

Submit #522898 / VDB-300759

Submit #522881 / VDB-300758

Submit #522266 / VDB-300757

Submit #522265 / VDB-300756

CIS analysts break down the rise of DeepSeek, a GenAI model that collects data and introduces security risks for users.

Москва, Петербург и ещё несколько регионов пожаловались на сбой.

Cybercriminals are leveraging Gamma AI, a platform for creating presentations, websites, and documents, to build sophisticated and difficult-to-detect phishing page redirectors. These malicious actors are exploiting Gamma’s advanced capabilities to host phishing redirect pages directly on the legitimate domain, gamma.app, raising concerns about the misuse of AI-powered tools in cyberattacks. The phishing scheme begins with […]

The post Hackers Exploit Gamma AI to Create Sophisticated Microsoft Themed Phishing Redirectors appeared first on Cyber Security News.

最近时间安排比较紧张，整合了各种框架的payload。

A vulnerability, which was classified as problematic, has been found in Simple SA SIMPLE.ERP up to 6.30. This issue affects some unknown processing. The manipulation leads to storing passwords in a recoverable format. The identification of this vulnerability is CVE-2024-8774. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in pihome-shc PiHome 2.0. Affected by this issue is some unknown functionality of the file /home.php. The manipulation of the argument page_name leads to cross site scripting. This vulnerability is handled as CVE-2025-1742. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Simple SA SIMPLE.ERP up to 6.30. This vulnerability affects unknown code of the component MS SQL Protocol Handler. The manipulation leads to algorithm downgrade. This vulnerability was named CVE-2024-8773. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

An INTERPOL-led operation, dubbed “Operation Red Card,” has resulted in the arrest of over 306 individuals suspected of involvement in various cyber crimes across seven African countries. This operation, conducted from November 2024 to February 2025, targeted mobile banking, investment, and messaging app scams, among others. The collaborative effort involved law enforcement agencies from Benin, […]

The post Operation Red Card: Authorities Arrest 300+ Linked to Cyber Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no have access to (e.g., the web app’s admin panel). Vercel – the Cloud platform-as-a-Service company that develops the popular framework – has released security updates fixing it, and has advised users to upgrade as soon as possible. What is Next.js and how does CVE-2025-29927 manifest? Next.js … More →

The post Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) appeared first on Help Net Security.

A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-2733. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.