Aggregator

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. [...]

ESET found evidence that Russia-linked groups Gamaredon and Turla collaborated in cyberattacks on Ukraine between February and April 2025. ESET reported Russia-linked groups Gamaredon and Turla collaborated in cyberattacks against entities in Ukraine. The Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) is known for targeting government, law enforcement, and defense organizations in Ukraine since 2013. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous […]

Когда флэш-память упирается в физику, ДНК предлагает выход с плотностью и сроком хранения.

IOC Alert: Unam Web Panel Command-and-Control Infrastructure

Ровер собрали, денег пожалели… но возобновили проект спустя годы.

A vulnerability was found in PHPJabbers Restaurant Menu Maker up to 1.1. It has been classified as problematic. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. This vulnerability appears as CVE-2025-10827. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate results in sql injection. This vulnerability is reported as CVE-2025-10826. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in Campcodes Online Beauty Parlor Management System 1.0 and classified as critical. Affected is an unknown function of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection. This vulnerability is documented as CVE-2025-10825. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #655884 / VDB-325184

Submit #655882 / VDB-325158

Submit #654384 / VDB-325183

Submit #654379 / VDB-325182

Submit #654387 / VDB-257603

Submit #654386 / VDB-257605

A vulnerability, which was classified as critical, was found in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. This vulnerability is registered as CVE-2025-10824. The attack needs to be launched locally. Furthermore, an exploit is available.

A vulnerability, which was classified as problematic, has been found in axboe fio up to 3.41. This affects the function str_buffer_pattern_cb of the file options.c. Performing manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2025-10823. The attack must be initiated from a local position. Furthermore, there is an exploit available.

Submit #654378 / VDB-257602

Submit #654072 / VDB-325181

Submit #654069 / VDB-325180

A vulnerability classified as problematic was found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. This vulnerability is listed as CVE-2025-10822. The attack may be performed from remote. In addition, an exploit is available.