Aggregator

CVE-2025-4497 | code-projects Simple Banking System up to 1.0 Sign In password2 buffer overflow

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability was found in code-projects Simple Banking System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the component Sign In. The manipulation of the argument password2 leads to buffer overflow. The identification of this vulnerability is CVE-2025-4497. Attacking locally is a requirement. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-4496 | TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R 4.1.8cu.5241_B20210927 /cgi-bin/cstecgi.cgi CloudACMunualUpdate FileName buffer overflow

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. This vulnerability was named CVE-2025-4496. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

Indirect Prompt Injection Exploits LLMs’ Lack of Informational Context

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 2 weeks ago

A new wave of cyber threats targeting large language models (LLMs) has emerged, exploiting their inherent inability to differentiate between informational content and actionable instructions. Termed “indirect prompt injection attacks,” these exploits embed malicious directives within external data sources-such as documents, websites, or emails-that LLMs process during operation. Unlike direct prompt injections, where attackers manipulate […]

The post Indirect Prompt Injection Exploits LLMs’ Lack of Informational Context appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2025-3794 | WPForms Plugin up to 1.9.5 on WordPress start_timestamp cross site scripting

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability was found in WPForms Plugin up to 1.9.5 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation of the argument start_timestamp leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-3794. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-4382 | Red Hat Enterprise Linux/OpenShift Container Platform TPM-based Auto-Decryption missing authentication

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability was found in Red Hat Enterprise Linux and OpenShift Container Platform and classified as critical. Affected by this issue is some unknown functionality of the component TPM-based Auto-Decryption. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-4382. It is possible to launch the attack on the physical device. There is no exploit available.
vuldb.com

FreeDrain Phishing Attack Targets Users to Steal Financial Login Credentials

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 2 weeks ago

PIVOTcon, joint research by Validin and SentinelLABS has exposed FreeDrain, an industrial-scale cryptocurrency phishing operation that has been stealthily siphoning digital assets for years. This sophisticated campaign leverages search engine optimization (SEO) manipulation, free-tier web services, and intricate redirection techniques to target unsuspecting users of cryptocurrency wallets such as Trezor, MetaMask, and Ledger. Sophisticated Cryptocurrency […]

The post FreeDrain Phishing Attack Targets Users to Steal Financial Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2025-4494 | JAdmin-JAVA JAdmin 1.0 Admin Backend NoNeedLoginController.java toLogin improper authentication

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Affected is the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-4494. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-4492 | Campcodes Online Food Ordering System 1.0 ticket-message.php ticket_id sql injection

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Campcodes Online Food Ordering System 1.0. This issue affects some unknown processing of the file /routers/ticket-message.php. The manipulation of the argument ticket_id leads to sql injection. The identification of this vulnerability is CVE-2025-4492. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-4491 | Campcodes Online Food Ordering System 1.0 ticket-status.php ticket_id sql injection

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation of the argument ticket_id leads to sql injection. This vulnerability was named CVE-2025-4491. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-4490 | Campcodes Online Food Ordering System 1.0 /view-ticket-admin.php ID sql injection

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /view-ticket-admin.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4490. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-4489 | Campcodes Online Food Ordering System 1.0 /routers/user-router.php t1_verified sql injection

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/user-router.php. The manipulation of the argument t1_verified leads to sql injection. This vulnerability is handled as CVE-2025-4489. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Threat Actors Using Multimedia Systems Via Stealthy Vishing Attack

Cyber Security News
2 months 2 weeks ago

Cybercriminals have developed sophisticated vishing techniques that leverage multimedia file formats to bypass security systems and target unsuspecting victims. These new attack vectors, observed in early 2025, represent an evolution in social engineering tactics where threat actors exploit commonly trusted file formats to deliver fraudulent messages prompting victims to make phone calls to fake customer […]

The post Threat Actors Using Multimedia Systems Via Stealthy Vishing Attack appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2025-4488 | itsourcecode Gym Management System 1.0 ajax.php?action=delete_package ID sql injection

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_package. The manipulation of the argument ID leads to sql injection. This vulnerability is known as CVE-2025-4488. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad