Aggregator

CVE-2025-4664 | Google Chrome up to 136.0.7103.92 Loader Remote Code Execution (EUVD-2025-14909 / Nessus ID 236813)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as critical has been found in Google Chrome. This affects an unknown part of the component Loader. The manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2025-4664. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-4770 | PHPGurukul Park Ticketing Management System 2.0 /view-normal-ticket.php viewid sql injection

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as critical, has been found in PHPGurukul Park Ticketing Management System 2.0. This issue affects some unknown processing of the file /view-normal-ticket.php. The manipulation of the argument viewid leads to sql injection. The identification of this vulnerability is CVE-2025-4770. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-3536 | Tutorials-Website Employee Management System 1.0 /admin/delete-user.php ID improper authorization

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the argument ID leads to improper authorization. This vulnerability is handled as CVE-2025-3536. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-3537 | Tutorials-Website Employee Management System 1.0 /admin/update-user.php ID improper authorization

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. This vulnerability is uniquely identified as CVE-2025-3537. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-1840 | ESAFENET CDG 5.6.3.154.205 updateorg.jsp flowId sql injection

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection. This vulnerability is handled as CVE-2025-1840. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-1812 | zj1983 zz up to 2024-08 SuperZ.java GetUserOrg userId sql injection

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. This vulnerability is traded as CVE-2025-1812. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

AI becomes key player in enterprise ransomware defense

Help Net Security
1 month 4 weeks ago

Ransomware breaches continue to rise even as fewer victims pay, according to a Delinea report. 69% of organizations globally have fallen victim to ransomware, with 27% being hit more than once. While only 57% of organizations paid ransoms, down from 76% in 2024, the frequency and impact of attacks continued to grow as threat actors turned to other tactics like extortion, with 85% of ransomware victims threatened with exposure. Paying the ransom doesn’t always bring … More →

The post AI becomes key player in enterprise ransomware defense appeared first on Help Net Security.

Help Net Security

CVE-2022-39151 | Siemens Parasolid/Simcenter Femap X_T File out-of-bounds write (ZDI-CAN-17736 / EUVD-2022-41696)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Siemens Parasolid and Simcenter Femap and classified as critical. Affected by this issue is some unknown functionality of the component X_T File Handler. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2022-39151. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-11282 | wpchill Passster Plugin up to 4.2.10 on WordPress Password Protect Page information disclosure (EUVD-2024-34330)

Vuldb Updates
2 months ago
A vulnerability, which was classified as problematic, was found in wpchill Passster Plugin up to 4.2.10 on WordPress. This affects an unknown part of the component Password Protect Page. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-11282. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

New infosec products of the week: June 6, 2025

Help Net Security
2 months ago

Here’s a look at the most interesting products from the past week, featuring releases from Akamai, AttackIQ, Barracuda Networks, Bitdefender, Fortinet, Malwarebytes, and Varonis. Bitdefender unifies security, risk management, and compliance in a single platform Bitdefender announced GravityZone Compliance Manager, a new addition to its GravityZone platform that helps organizations reduce the burden of compliance and streamline audit readiness. The solution provides real-time visibility, automated remediation, audit-ready reports, and one-click compliance documentation fully integrated with … More →

The post New infosec products of the week: June 6, 2025 appeared first on Help Net Security.

Sinisa Markovic

Managed ad