Currently trending CVE - Hype Score: 2 - This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials.
A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross-site scripting.
This vulnerability is traded as CVE-2025-2673. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well.
A vulnerability was found in code-projects Payroll Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_deductions.php. The manipulation of the argument bir leads to SQL injection.
The identification of this vulnerability is CVE-2025-2672. The attack may be initiated remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well.
A vulnerability was found in Yue Lao Blind Box 月老盲盒 up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipulation of the argument data leads to unrestricted upload.
This vulnerability was named CVE-2025-2671. The attack can be initiated remotely. Furthermore, there is an exploit available.
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to SQL injection.
This vulnerability is uniquely identified as CVE-2025-2665. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
A vulnerability was found in CodeZips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /suadpeted.php. The manipulation of the argument ID leads to SQL injection.
This vulnerability is handled as CVE-2025-2664. The attack may be launched remotely. Furthermore, there is an exploit available.
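Windows 10 will reach end of support on October 14. Because Microsoft raised the hardware requirements for Windows 11, the vast majority of Windows 10 users cannot upgrade to Windows 11. According to StatCounter, Windows 10 still holds a 58.7% share while Windows 11 has only 38.13%, which means that in half a year hundreds of millions of PCs will no longer receive security updates. Microsoft has a suggestion for this: sell the old computer and buy a new one. Microsoft has been found to have started sending emails to Windows 10 users advising them to upgrade. Microsoft says users' old computers can be traded in or handed over to a local organization for recycling; after October 14 the old computers will still work, but will no longer receive support.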
A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /search-locker-details.php. The manipulation of the argument searchinput leads to SQL injection.
This vulnerability is known as CVE-2025-2663. The attack can be launched remotely. Furthermore, there is an exploit available.
A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php?cid=1. The manipulation of the argument classname/capacity/classtiming leads to SQL injection.
This vulnerability is known as CVE-2025-2034. The attack can be launched remotely. Furthermore, there is an exploit available.