Aggregator

A vulnerability classified as problematic has been found in PHPGurukul Employee Leave Management System 2.1. The impacted element is an unknown function of the file leave-details.php. This manipulation of the argument leaveid causes improper control of resource identifiers. This vulnerability appears as CVE-2025-56254. The attack may be initiated remotely. There is no available exploit.

A vulnerability has been found in SUSE rancher up to 2.9.10/2.10.8/2.11.4/2.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component API Endpoint. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2024-58259. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability has been found in Akinsoft OctoCloud up to 1.11.00 and classified as problematic. This vulnerability affects unknown code. This manipulation causes improper restriction of excessive authentication attempts. This vulnerability is handled as CVE-2025-2414. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

招聘进行中，超多优质岗位等你来选，京东安全期待你的加入！

The Office of the Pennsylvania Attorney General announced that a ransomware attack is behind the ongoing two-week service outage. [...]

A vulnerability categorized as problematic has been discovered in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the argument product_code/gen_name/product_name/supplier leads to cross site scripting. This vulnerability is referenced as CVE-2025-9845. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document‐sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the […]

The post OneDrive Phishing Attack Targets Corporate Executives for Credential Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Китайцы придумали новые шлемы дополненной реальности для экипажа бронетехники.

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been rated as problematic. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. The identification of this vulnerability is CVE-2025-9843. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been declared as problematic. This impacts an unknown function of the file /Operator/Search. The manipulation results in information disclosure. This vulnerability was named CVE-2025-9842. The attack may be performed from remote. In addition, an exploit is available.

Submit #641940 / VDB-322191

Submit #641806 / VDB-172386

A vulnerability was found in code-projects Mobile Shop Management System 1.0. It has been classified as critical. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-9841. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Хакеры заблокировали прокуратуру, и теперь дела преступников стоят, а правосудие ждёт.

Submit #644854 / VDB-322190

Submit #641783 / VDB-322189

A vulnerability was found in itsourcecode Sports Management System 1.0 and classified as critical. The impacted element is an unknown function of the file /Admin/gametype.php. Executing manipulation of the argument code can lead to sql injection. This vulnerability is handled as CVE-2025-9840. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in itsourcecode Student Information Management System 1.0 and classified as critical. The affected element is an unknown function of the file /admin/modules/course/index.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is known as CVE-2025-9839. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in itsourcecode Student Information Management System 1.0. Impacted is an unknown function of the file /admin/modules/subject/index.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2025-9838. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in itsourcecode Student Information Management System 1.0. This issue affects some unknown processing of the file /admin/modules/student/index.php. This manipulation of the argument studentId causes sql injection. This vulnerability appears as CVE-2025-9837. The attack may be initiated remotely. In addition, an exploit is available.