Aggregator

CVE-2025-48905 | Huawei HarmonyOS 5.0.0 Arkweb v8 Module inconsistency between implementation and documented design (EUVD-2025-17086)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been declared as critical. This vulnerability affects unknown code of the component Arkweb v8 Module. The manipulation leads to inconsistency between implementation and documented design. This vulnerability was named CVE-2025-48905. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-5725 | SourceCodester Student Result Management System 1.0 Grading System Page grading-system Remark cross site scripting (EUVD-2025-17058)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. This vulnerability is known as CVE-2025-5725. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5724 | SourceCodester Student Result Management System 1.0 Subjects Page subjects Subject cross site scripting (EUVD-2025-17059)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. This vulnerability is traded as CVE-2025-5724. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2017-7018 | Apple iTunes up to 12.6.1 on Windows WebKit memory corruption (HT207928 / EDB-42373)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Apple iTunes up to 12.6.1 on Windows. It has been classified as critical. This affects an unknown part of the component WebKit. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-7018. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

Qilin

Dark Feed IO
2 months 1 week ago

You must login to view this content

cohenido

CVE-2025-3835 | Zoho ManageEngine Exchange Reporter Plus up to 5721 Content Search Module unrestricted upload (EUVD-2025-17446)

Vuldb Updates
2 months 1 week ago
A vulnerability classified as critical was found in Zoho ManageEngine Exchange Reporter Plus up to 5721. Affected by this vulnerability is an unknown functionality of the component Content Search Module. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-3835. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-36528 | Zoho ManageEngine ADAudit Plus up to 8510 Service Account Auditing Report sql injection (EUVD-2025-17451)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Zoho ManageEngine ADAudit Plus up to 8510 and classified as critical. This issue affects some unknown processing of the component Service Account Auditing Report. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-36528. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-5876 | Lucky LM-520-SC/LM-520-FSC/LM-520-FSC-SAM up to 20250321 missing authentication (EUVD-2025-17459)

Vuldb Updates
2 months 1 week ago
A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. This vulnerability is known as CVE-2025-5876. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-40668 | TCMAN GIM 11 POST Request validateChangePassword%C3%B1a authorization (EUVD-2025-17458)

Vuldb Updates
2 months 1 week ago
A vulnerability has been found in TCMAN GIM 11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /PC/WebService.aspx/validateChangePassword%C3%B1a of the component POST Request Handler. The manipulation of the argument idUser/PasswordActual/PasswordNew/PasswordNewRepeat leads to incorrect authorization. This vulnerability is known as CVE-2025-40668. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-27531 | Apache InLong up to 2.0.x JDBC deserialization (EUVD-2025-17317)

Vuldb Updates
2 months 1 week ago
A vulnerability, which was classified as critical, was found in Apache InLong up to 2.0.x. This affects an unknown part of the component JDBC. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-27531. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-40669 | TCMAN GIM 11 POST Request Options.aspx?Command=2&Page=-1 authorization (EUVD-2025-17457)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in TCMAN GIM 11 and classified as problematic. Affected by this issue is some unknown functionality of the file /PC/Options.aspx?Command=2&Page=-1 of the component POST Request Handler. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2025-40669. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-40670 | TCMAN GIM 11 POST Request updateUser authorization (EUVD-2025-17456)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in TCMAN GIM 11. It has been classified as problematic. This affects an unknown part of the file /PC/frmGestionUser.aspx/updateUser of the component POST Request Handler. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2025-40670. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

Qilin

Dark Feed IO
2 months 1 week ago

You must login to view this content

cohenido

New Blitz Malware Targets Windows Servers to Deploy Monero Miner

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 1 week ago

A new Windows-based malware named Blitz has been identified in 2024, with an updated version detected in early 2025. This malware, actively developed and distributed through deceptive game cheats, poses a significant threat by deploying a Monero cryptocurrency miner alongside information-stealing and denial-of-service (DoS) capabilities. Detailed analysis by Palo Alto Networks’ Unit 42 reveals that […]

The post New Blitz Malware Targets Windows Servers to Deploy Monero Miner appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Next-Gen Developers Are a Cybersecurity Powder Keg

darkreading
2 months 1 week ago
AI coding tools promise productivity but deliver security problems, too. As developers embrace "vibe coding," enterprises face mounting risks from insecure code generation that security teams can't keep pace with.
Pieter Danhieux

Managed ad