Aggregator

Submit #610567 / VDB-316129

A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The identification of this vulnerability is CVE-2025-7477. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerability affects unknown code of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-7476. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7475. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Job Diary 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search.php. The manipulation of the argument Search leads to sql injection. This vulnerability is handled as CVE-2025-7474. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #610505 / VDB-316128

Submit #610439 / VDB-316127

Submit #610433 / VDB-316126

Submit #610432 / VDB-316125

Submit #610135 / VDB-316124

A critical security vulnerability in Fortinet’s FortiWeb Fabric Connector has been discovered and exploited, allowing attackers to execute remote code on affected systems without authentication. The vulnerability, designated CVE-2025-25257, represents a significant threat to organizations using Fortinet’s web application firewall solutions. Key Takeaways1. Fortinet FortiWeb Fabric Connector has an unauthenticated SQL injection (CVE-2025-25257) enabling remote […]

The post Fortinet FortiWeb Fabric Connector Vulnerability Exploited to Execute Remote Code appeared first on Cyber Security News.

Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. Wing FTP Server and CVE-2025-47812 Wing FTP Server is a commercial file transfer server solution used by businesses, MSPs and hosting providers. The software can be installed on 64-bit operating systems: Windows, Windows Server, Linux, and macOS. Administration is done via a web-based interface. Users likewise upload/download files securely via browser. CVE-2025-47812 is caused … More →

The post Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) appeared first on Help Net Security.

Учёные: «Всё чисто!». Люди: «А можно ещё раз проверить?».

The AI products from Chinese company DeepSeek present unacceptable national security risks, Czechia said in banning the software from government use.

Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors. The vulnerabilities, dubbed PerfektBlue, can be fashioned together as an exploit chain to run arbitrary code on cars from at least three major automakers,

A vulnerability was found in code-projects Modern Bag 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/login-back.php. The manipulation of the argument user-name leads to sql injection. This vulnerability is known as CVE-2025-7471. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument image leads to unrestricted upload. This vulnerability is traded as CVE-2025-7470. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/product_add.php. The manipulation of the argument prod_name leads to sql injection. The identification of this vulnerability is CVE-2025-7469. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerability affects the function fromSafeUrlFilter of the file /goform/fromSafeUrlFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. This vulnerability was named CVE-2025-7468. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /product-detail.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7467. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.