Aggregator

ZDI-CAN-27769: Trimble

ZDI: Upcoming Advisories
1 month 1 week ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kevin Salapatek of Trend Research' was reported to the affected vendor on: 2025-07-31, 41 days ago. The vendor is given until 2025-11-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-27555: BusyBox

ZDI: Upcoming Advisories
1 month 1 week ago
A CVSS score 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N severity vulnerability discovered by 'Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai' was reported to the affected vendor on: 2025-07-31, 41 days ago. The vendor is given until 2025-11-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

CVE-2025-8346 | Portabilis i-Educar 2.10 /educar_aluno_lst.php ref_cod_matricula cross site scripting

Vuldb Updates
1 month 1 week ago
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /educar_aluno_lst.php. The manipulation of the argument ref_cod_matricula with the input "><img%20src=x%20onerror=alert(%27CVE-Hunters%27)> leads to cross site scripting. This vulnerability is handled as CVE-2025-8346. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-8347 | Kehua Charging Pile Cloud Platform 1.0 /sys/task/findAllTask sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability, which was classified as critical, was found in Kehua Charging Pile Cloud Platform 1.0. This affects an unknown part of the file /sys/task/findAllTask. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8347. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-8348 | Kehua Charging Pile Cloud Platform 1.0 /home improper authentication

Vuldb Updates
1 month 1 week ago
A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper authentication. This vulnerability was named CVE-2025-8348. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Secrets are leaking everywhere, and bots are to blame

Help Net Security
1 month 1 week ago

Secrets like API keys, tokens, and credentials are scattered across messaging apps, spreadsheets, CI/CD logs, and even support tickets. According to Entro Security’s NHI & Secrets Risk Report H1 2025, non-human identities (NHIs), including bots, service accounts, and automation tools, are now the fastest-growing source of security risk in enterprise environments. Non-human identity risk fuels rising secret exposures Between January and June 2025, Entro saw a 44% year-over-year increase in NHIs. These machine identities now … More →

The post Secrets are leaking everywhere, and bots are to blame appeared first on Help Net Security.

Anamarija Pogorelec

CVE-2025-8327 | code-projects Exam Form Submission 1.0 /admin/delete_s8.php ID sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulation of the argument ID leads to sql injection. This vulnerability is known as CVE-2025-8327. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-8328 | code-projects Exam Form Submission 1.0 /register.php USN sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument USN leads to sql injection. This vulnerability is handled as CVE-2025-8328. The attack may be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

CVE-2025-8329 | code-projects Vehicle Management 1.0 /filter3.php company sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /filter3.php. The manipulation of the argument company leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8329. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

CVE-2025-8331 | code-projects Online Farm System 1.0 /forgot_pass.php email sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability was found in code-projects Online Farm System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot_pass.php. The manipulation of the argument email leads to sql injection. The identification of this vulnerability is CVE-2025-8331. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-48916 | Ceph RadosGW encryption algorithm improper authentication (Nessus ID 212141)

Vuldb Updates
1 month 1 week ago
A vulnerability classified as critical was found in Ceph. This vulnerability affects unknown code of the component RadosGW. The manipulation of the argument encryption algorithm with the input None leads to improper authentication. This vulnerability was named CVE-2024-48916. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com

INC

Dark Feed IO
1 month 1 week ago

You must login to view this content

cohenido

Why rural hospitals are losing the cybersecurity battle

Help Net Security
1 month 1 week ago

Cyber threats are becoming more frequent and sophisticated, and rural hospitals and clinics are feeling the pressure from all sides: tight budgets, small teams, limited training, complex technology, and vendors that do not always offer much help. Often, they are left juggling security tools without the IT support to use them effectively, according to Paubox. Compared to their urban counterparts, rural healthcare organizations are hitting more cybersecurity roadblocks, and not just in one or two … More →

The post Why rural hospitals are losing the cybersecurity battle appeared first on Help Net Security.

Anamarija Pogorelec

404 Path Not Found: Finding Direction in a Fickle Job Market

Ransomware DataBreachToday.com
1 month 1 week ago
Advice for Young Cyber Professionals in the Age of AI and Security Automation
Professionals across industries, especially those in early career stages, are struggling to find not only jobs but also career path direction. The old map no longer applies. Today's environment requires adaptability, strategy and a willingness to build new paths entirely.

Managed ad