Aggregator

CVE-2025-7114 | SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b Session route.ts POST Request missing authentication (EUVD-2025-20195)

Vuldb Updates
1 day 1 hour ago
A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication. This vulnerability is known as CVE-2025-7114. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-7115 | rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97 Session route.ts PUT params missing authentication (Issue 166 / EUVD-2025-20194)

Vuldb Updates
1 day 1 hour ago
A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session Handler. The manipulation of the argument params leads to missing authentication. This vulnerability is handled as CVE-2025-7115. The attack may be launched remotely. There is no exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. It is expected that this issue will be fixed in the near future.
vuldb.com

CVE-2025-41672 | WAGO Device Sphere 1.0.0 JWT Token insecure default initialization of resource (VDE-2025-057 / EUVD-2025-20193)

Vuldb Updates
1 day 1 hour ago
A vulnerability was found in WAGO Device Sphere 1.0.0 and classified as very critical. This issue affects some unknown processing of the component JWT Token Handler. The manipulation leads to insecure default initialization of resource. The identification of this vulnerability is CVE-2025-41672. The attack may be initiated remotely. There is no exploit available.
vuldb.com

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

Security Affairs
1 day 1 hour ago
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is […]
Pierluigi Paganini

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

不安全
1 day 1 hour ago
美国网络安全机构CISA将Google Chromium V8引擎中的CVE-2025-6554漏洞加入已知被利用漏洞目录。该漏洞为类型混淆问题,允许攻击者通过特制HTML页面进行任意读写操作。Google已发布补丁修复,并指出该漏洞在野外被利用。CISA要求联邦机构于7月23日前完成修复以应对潜在攻击风险。

Hpingbot Unleashed: New Go-Based Botnet Leverages Pastebin & Hping3 for Stealthy Attacks

Penetration Testing Tools - Metepreter.org
1 day 1 hour ago

A newly emerged botnet known as hpingbot, identified by the NSFOCUS Fuying Lab‘s global threat monitoring system, has rapidly become one of the most prominent cyber threats since its appearance in early June 2025....

The post Hpingbot Unleashed: New Go-Based Botnet Leverages Pastebin & Hping3 for Stealthy Attacks appeared first on Penetration Testing Tools.

ddos

CVE-2025-7166 | code-projects Responsive Blog Site 1.0 /single.php ID sql injection

VulDB Recent Entries
1 day 1 hour ago
A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7166. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

Microsoft is Finally Removing PowerShell 2.0 from Windows 11: Boosting Security, Retiring Legacy Tool

Penetration Testing Tools - Metepreter.org
1 day 1 hour ago

Another relic of the past is being permanently retired from the legendary operating system. Microsoft has initiated the process of removing PowerShell 2.0—a long-obsolete version of the command-line tool—from Windows 11. This iteration first...

The post Microsoft is Finally Removing PowerShell 2.0 from Windows 11: Boosting Security, Retiring Legacy Tool appeared first on Penetration Testing Tools.

ddos

CVE-2025-7165 | PHPGurukul/Campcodes Cyber Cafe Management System 1.0 /forgot-password.php email sql injection

VulDB Recent Entries
1 day 1 hour ago
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. This vulnerability is handled as CVE-2025-7165. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7164 | PHPGurukul/Campcodes Cyber Cafe Management System 1.0 /index.php Username sql injection

VulDB Recent Entries
1 day 1 hour ago
A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument Username leads to sql injection. This vulnerability is known as CVE-2025-7164. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Call of Duty: WWII Game Pass PC Hit by Critical RCE Exploit, Players Warned to Stay Away

Penetration Testing Tools - Metepreter.org
1 day 1 hour ago

Exercise caution if you’re planning to play Call of Duty: WWII via Game Pass on PC. Users have begun reporting a critical vulnerability that allows hackers to remotely execute commands on another player’s computer....

The post Call of Duty: WWII Game Pass PC Hit by Critical RCE Exploit, Players Warned to Stay Away appeared first on Penetration Testing Tools.

ddos

A week in security (June 30 – July 6)

不安全
1 day 1 hour ago
墨西哥毒枭“El Chapo”通过黑客摄像头和窃听FBI人员;Stalkerware应用Catwatchful泄露用户信息;钓鱼邮件伪装成品牌消息威胁小企业;澳大利亚航空Qantas数据泄露影响600万客户;Google修复Chrome浏览器漏洞。

Managed ad