Submit #654065: MuYuCMS 2.7 Read, modify, and create any files after authentication and exec [Duplicate]
Submit #654065 / VDB-221735
Aggregator
Submit #654066: Open Babel 3.1.1 / master commit 889c350 NULL Pointer Dereference [Accepted]
4 months 2 weeks ago
Submit #654066 / VDB-325928
ahuo
Submit #654064: Open Babel 3.1.1 / master commit 889c350 NULL Pointer Dereference [Accepted]
4 months 2 weeks ago
Submit #654064 / VDB-325927
ahuo
Submit #654063: Open Babel 3.1.1 / master commit 889c350 NULL Pointer Dereference [Accepted]
4 months 2 weeks ago
Submit #654063 / VDB-325926
ahuo
Submit #654062: Open Babel 3.1.1 / master commit 889c350 Heap-based Buffer Overflow [Accepted]
4 months 2 weeks ago
Submit #654062 / VDB-325925
ahuo
Submit #654060: Open Babel 3.1.1 / master commit 889c350 Heap-based Buffer Overflow [Accepted]
4 months 2 weeks ago
Submit #654060 / VDB-325924
ahuo
Submit #654059: Open Babel 3.1.1 / master commit 889c3501 Memory Corruption [Accepted]
4 months 2 weeks ago
Submit #654059 / VDB-325923
ahuo
Submit #654057: Open Babel 3.1.1 / master commit 889c350 Use After Free [Accepted]
4 months 2 weeks ago
Submit #654057 / VDB-325922
ahuo
Co-op says it lost $107 million after Scattered Spider attack
4 months 2 weeks ago
The Co-operative Group in the U.K. released its interim financial results report for the first half of 2025 with a massive loss in operating profit of £80 million ($107 million) due to the cyberattack it suffered last April. [...]
Bill Toulas
Salesforce AI Agents Forced to Leak Sensitive Data
4 months 2 weeks ago
Yet again researchers have uncovered an opportunity (dubbed "ForcedLeak" for indirect prompt injection against autonomous agents lacking sufficient security controls — but this time the risk involves PII, corporate secrets, physical location data, and so much more.
Nate Nelson, Contributing Writer
Qilin
4 months 2 weeks ago
You must login to view this content
cohenido
Qilin
4 months 2 weeks ago
You must login to view this content
cohenido
Qilin
4 months 2 weeks ago
You must login to view this content
cohenido
Ransom Tales: Volume IV – Emulating Rhysida, Charon and Dire Wolf Ransomware
4 months 2 weeks ago
AttackIQ presents the fourth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Rhysida, Charon, and Dire Wolf ransomware families.
The post Ransom Tales: Volume IV – Emulating Rhysida, Charon and Dire Wolf Ransomware appeared first on AttackIQ.
The post Ransom Tales: Volume IV – Emulating Rhysida, Charon and Dire Wolf Ransomware appeared first on Security Boulevard.
Ayelen Torello
CVE-2025-10993 | MuYuCMS up to 2.7 Template Management /admin.php code injection (ICXVCE)
4 months 2 weeks ago
A vulnerability classified as critical was found in MuYuCMS up to 2.7. Affected by this issue is some unknown functionality of the file /admin.php of the component Template Management. The manipulation results in code injection.
This vulnerability is known as CVE-2025-10993. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2025-29155 | petstore 1.0.7 DELETE Endpoint privilege escalation
4 months 2 weeks ago
A vulnerability classified as critical has been found in petstore 1.0.7. Affected by this vulnerability is an unknown functionality of the component DELETE Endpoint. The manipulation leads to privilege escalation.
This vulnerability is traded as CVE-2025-29155. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk
4 months 2 weeks ago
Austin / TX, United States, 25th September 2025, CyberNewsWire
CyberNewswire
Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk
4 months 2 weeks ago
Austin / TX, United States, 25th September 2025, CyberNewsWire
The post Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk appeared first on Security Boulevard.
cybernewswire
CVE-2025-10992 | roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40 /user/info/lookupList improper authorization
4 months 2 weeks ago
A vulnerability described as critical has been identified in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. Affected is an unknown function of the file /user/info/lookupList. Executing manipulation can lead to improper authorization.
This vulnerability appears as CVE-2025-10992. The attack may be performed from remote. In addition, an exploit is available.
This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #654014: MuYuCMS 2.7 rce [Accepted]
4 months 2 weeks ago
Submit #654014 / VDB-325921
Eurekya