Aggregator

Submit #639032 / VDB-319902

Submit #638947 / VDB-321905

喜报，墨菲安全连续第二年获权威认可！

Back in Part 1, we walked through how attackers are using Microsoft 365’s Direct Send feature to spoof internal emails, making those messages look like they’re coming from a trusted domain.

The post Microsoft and IRONSCALES Crack Down on the Direct Send Exploit appeared first on Security Boulevard.

A vulnerability, which was classified as critical, has been found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. This vulnerability was named CVE-2025-9692. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as critical was found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. This vulnerability is uniquely identified as CVE-2025-9691. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical has been found in SourceCodester Advanced School Management System 1.0. This affects an unknown function of the file /index.php/stock/vendordetails. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2025-9690. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as critical has been identified in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/item_select. The manipulation of the argument q results in sql injection. This vulnerability is known as CVE-2025-9689. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #638853 / VDB-321904

Submit #638843 / VDB-321903

A vulnerability marked as critical has been reported in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2025-9688. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #638609 / VDB-321901

A vulnerability labeled as critical has been found in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. This vulnerability appears as CVE-2025-9687. The attack may be performed from a remote location. In addition, an exploit is available.

A vulnerability identified as critical has been detected in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2025-9686. The attack is possible to be carried out remotely. Moreover, an exploit is present.

关键词数据泄露根据网络安全公司 Cybernews 的个人数据泄露监测工具显示，2025年上半年全球共有约15

关键词数据泄露美国三大信用报告机构之一的 TransUnion 近日披露，其一家第三方服务供应商遭到黑客攻击，

关键词腾讯云在昨天的文章中，提到网络安全公司 CYBERNEWS 发布的一份报告称，腾讯云平台出现重大安全事件

关键词数据泄露近期有研究揭示出社交媒体应用在收集用户位置数据方面存在明显差异。

Каждый 50-й американец мог быть ненастоящим...

A vulnerability categorized as critical has been discovered in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2025-9685. The attack can be executed remotely. Additionally, an exploit exists.