Aggregator

CVE-2025-1855 | PHPGurukul Online Shopping Portal 2.1 /product-details.php quality/price/value/name/summary/review sql injection

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/summary/review leads to sql injection. This vulnerability is known as CVE-2025-1855. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-56946 | Technitium DNS Server up to 13.2.2 QUIC Connection denial of service (EUVD-2024-53455)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Technitium DNS Server up to 13.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the component QUIC Connection Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-56946. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-1856 | Codezips Gym Management System 1.0 gen_invoice.php ID sql injection

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Codezips Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/gen_invoice.php. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-1856. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-54149 | Winter CMS up to 1.0.475/1.1.10/1.2.6 incomplete blacklist (GHSA-xhw3-4j3m-hq53)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Winter CMS up to 1.0.475/1.1.10/1.2.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to incomplete blacklist. This vulnerability is known as CVE-2024-54149. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-11698 | Mozilla Firefox up to 132 Fullscreen Transition denial of service (Nessus ID 211877)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Mozilla Firefox up to 132 and classified as problematic. This issue affects some unknown processing of the component Fullscreen Transition Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-11698. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-11698 | Mozilla Thunderbird up to 132 Fullscreen Transition denial of service (Nessus ID 211877)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Mozilla Thunderbird up to 132. It has been classified as problematic. Affected is an unknown function of the component Fullscreen Transition Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-11698. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-11705 | Mozilla Firefox up to 132 NSC_DeriveKey phKey memory corruption (Nessus ID 211873)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Mozilla Firefox up to 132. It has been classified as critical. Affected is the function NSC_DeriveKey. The manipulation of the argument phKey leads to memory corruption. This vulnerability is traded as CVE-2024-11705. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-11705 | Mozilla Thunderbird up to 132 NSC_DeriveKey phKey memory corruption (Nessus ID 211873)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Mozilla Thunderbird up to 132. It has been declared as critical. Affected by this vulnerability is the function NSC_DeriveKey. The manipulation of the argument phKey leads to memory corruption. This vulnerability is known as CVE-2024-11705. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2009-4650 | Onnogroen Com Webeecomment 2.0 index2.php articleId sql injection (EDB-33637 / BID-38204)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Onnogroen Com Webeecomment 2.0. It has been rated as critical. This issue affects some unknown processing of the file index2.php. The manipulation of the argument articleId leads to sql injection. The identification of this vulnerability is CVE-2009-4650. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

Qilin

Dark Feed IO
7 months 3 weeks ago

You must login to view this content

cohenido

Warnings Ratchet Up Over Iranian Cyberattacks

Ransomware DataBreachToday.com
7 months 3 weeks ago
Proxies Prioritize Psychological Effects Over Real Life Effects in Cyberspace
Warnings about Iranian hacking following the United States' Saturday bombing of Iranian nuclear weapon development sites ratcheted sharply upward even after weeks of admonitions that Iran could respond to ongoing missile strikes with virtual assaults.

LLMs Tricked by 'Echo Chamber' Attack in Jailbreak Tactic

Ransomware DataBreachToday.com
7 months 3 weeks ago
Researcher Details Stealthy Multi-Turn Prompt Exploit Bypassing AI Safety
Well-timed nudges are enough to derail a large language model and use it for nefarious purposes, researchers have found. Dubbed "Echo Chamber," the exploit uses a chain of subtle prompts to bypass existing safety guardrails by manipulating the model's emotional tone and contextual assumptions.

The U.S. House banned WhatsApp on government devices due to security concerns

Security Affairs
7 months 3 weeks ago
The U.S. House banned WhatsApp on official devices over security concerns, citing risks flagged by the Chief Administrative Officer. The U.S. House has banned WhatsApp on government devices due to data security concerns. Similar restrictions apply to AI tools like ChatGPT, ByteDance apps, and Microsoft Copilot. “nuto has deemed WhatsApp a high-risk to users due […]
Pierluigi Paganini

Akira

Dark Feed IO
7 months 3 weeks ago

You must login to view this content

cohenido

Akira

Dark Feed IO
7 months 3 weeks ago

You must login to view this content

cohenido

SCIM Best Practices: Building Secure and Extensible User Provisioning

Security Boulevard
7 months 3 weeks ago

It's worth thinking about how schema design and security considerations interact with each other. The decisions you make about schema extensions can have significant security implications, and your security requirements might influence how you design your schema.

The post SCIM Best Practices: Building Secure and Extensible User Provisioning appeared first on Security Boulevard.

Devesh Patel

ADR Virtual Patching Use Rising as Retail Application Layer Attacks Spike | May Attack Data | Contrast Security

Security Boulevard
7 months 3 weeks ago

One important Application Detection and Response feature is helping customers intercept real threats in real time, shielding apps while developers patch the underlying flaws.

The post ADR Virtual Patching Use Rising as Retail Application Layer Attacks Spike | May Attack Data | Contrast Security appeared first on Security Boulevard.

Contrast Labs

Managed ad