Aggregator

A vulnerability was found in ACDH-CH OpenAtlas 8.9.0. It has been declared as problematic. This issue affects some unknown processing of the file /insert/event. Such manipulation of the argument Name leads to cross site scripting. This vulnerability is listed as CVE-2025-40708. The attack may be performed from a remote location. There is no available exploit.

A vulnerability was found in ACDH-CH OpenAtlas 8.9.0. It has been classified as problematic. This vulnerability affects unknown code of the file /insert/place. This manipulation of the argument name/alias-0 causes cross site scripting. This vulnerability is tracked as CVE-2025-40707. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in ACDH-CH OpenAtlas 8.9.0 and classified as problematic. This affects an unknown part of the file /insert/source. The manipulation of the argument Name results in cross site scripting. This vulnerability is identified as CVE-2025-40706. The attack can be executed remotely. There is not any exploit available.

Many people still think of DDoS attacks as pure volume battles, so when there is talk of terabit peaks, overloaded backbones, and massive bandwidth battles, they sit up and take notice. However, attacks can also take place in other dimensions, but the consequences can still be just as serious.  A recent example shows how precisely […]

The post Layer 7 DDoS: When 16 million sessions hit a server per minute appeared first on Link11.

A vulnerability has been found in GalleryVault Gallery Vault App up to 4.5.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. This vulnerability is referenced as CVE-2025-9695. The attack can only be performed from a local environment. Furthermore, an exploit is available.

Почему магазины не замечали массовую скупку подарочных карт на миллионы долларов.

A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants, according to StepSecurity

Submit #639039 / VDB-321906

A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. Executing manipulation of the argument Username can lead to sql injection. The identification of this vulnerability is CVE-2025-9694. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #639031 / VDB-320355

Submit #639032 / VDB-319902

Submit #638947 / VDB-321905

喜报，墨菲安全连续第二年获权威认可！

Back in Part 1, we walked through how attackers are using Microsoft 365’s Direct Send feature to spoof internal emails, making those messages look like they’re coming from a trusted domain.

The post Microsoft and IRONSCALES Crack Down on the Direct Send Exploit appeared first on Security Boulevard.

A vulnerability, which was classified as critical, has been found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. This vulnerability was named CVE-2025-9692. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as critical was found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. This vulnerability is uniquely identified as CVE-2025-9691. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical has been found in SourceCodester Advanced School Management System 1.0. This affects an unknown function of the file /index.php/stock/vendordetails. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2025-9690. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as critical has been identified in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/item_select. The manipulation of the argument q results in sql injection. This vulnerability is known as CVE-2025-9689. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #638853 / VDB-321904

Submit #638843 / VDB-321903