Aggregator

Submit #654377 / VDB-257604

Submit #654376 / VDB-325165

Submit #654375 / VDB-325164

Submit #654374 / VDB-325163

Submit #654373 / VDB-325162

OpenAI has patched a critical vulnerability known as ShadowLeak, which allowed its cloud-based agent Deep Research to silently

The post OpenAI Patches “ShadowLeak,” a Zero-Click Flaw in Deep Research Agent appeared first on Penetration Testing Tools.

A vulnerability identified as critical has been detected in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. The identification of this vulnerability is CVE-2025-10802. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Cybercriminals have discovered a way to bypass mobile operators’ filters and launch large-scale waves of fraudulent text messages.

The post New Threat: Criminals Use Fake Cell Towers to Deliver Phishing Texts appeared first on Penetration Testing Tools.

Submit #654260 / VDB-324812

Submit #654237 / VDB-325161

A vulnerability categorized as critical has been discovered in h2oai h2o-3 up to 3.46.7. This impacts an unknown function of the component JDBC Connection Handler. The manipulation results in deserialization. This vulnerability was named CVE-2025-6544. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

Microsoft narrowly avoided a vulnerability that could have led to the mass compromise of its cloud customers: Dutch

The post Microsoft Averts Mass Cloud Takeover Due to Azure Flaw appeared first on Penetration Testing Tools.

A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. It has been rated as critical. This affects an unknown function of the file /admin/edit_tax.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-10801. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Submit #654164 / VDB-325160

A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been declared as critical. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password can lead to sql injection. This vulnerability is handled as CVE-2025-10800. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in code-projects Hostel Management System 1.0. It has been classified as critical. The affected element is an unknown function of the file /justines/admin/mod_reservation/index.php?view=view. Performing manipulation of the argument ID results in sql injection. This vulnerability is known as CVE-2025-10799. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in code-projects Hostel Management System 1.0 and classified as critical. Impacted is an unknown function of the file /justines/admin/mod_roomtype/index.php?view=view. Such manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2025-10798. The attack may be launched remotely. Furthermore, there is an exploit available.