A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. The affected element is the function save_users/delete_users of the file /classes/Users.php. Manipulating the argument ID results in SQL injection.
This vulnerability is cataloged as CVE-2025-2655. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well.
A vulnerability, which was classified as problematic, has been found in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Manipulating the argument filepath results in denial of service.
This vulnerability is reported as CVE-2025-13564. The attack can be carried out remotely. Moreover, an exploit is present.
APT24 used supply chain attacks and varied techniques to deploy the BadAudio malware in a long-running cyberespionage campaign. China-linked group APT24 used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads, Google Threat Intelligence Group (GTIG) warns. According to the researchers, the group shifted from broad web […]
A vulnerability classified as critical was found in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Manipulation of the argument service leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is documented as CVE-2025-13562. The attack can be executed remotely. Additionally, an exploit exists.
A vulnerability was found in SPIP up to 4.1.15/4.2.12/4.3.0-alpha1. It has been declared as critical. This vulnerability affects unknown code of the component porte_plume Plugin. The manipulation results in improper access controls.
This vulnerability is reported as CVE-2024-7954. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
A vulnerability labeled as critical has been found in Sangfor Next-Gen Application Firewall 8.0.17. The affected element is an unknown function of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. Manipulation can lead to OS command injection.
This vulnerability is registered as CVE-2023-30806. It is possible to launch the attack remotely. No exploit is available.
A vulnerability classified as critical has been found in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. Manipulation of the argument Username causes SQL injection.
This vulnerability is registered as CVE-2025-13561. Remote exploitation is possible. Furthermore, an exploit is available.
A vulnerability described as critical has been identified in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in SQL injection.
This vulnerability is cataloged as CVE-2025-13560. The attack may be launched remotely. Furthermore, there is an exploit available.
CrowdStrike fired an insider for selling internal screenshots to Scattered Lapsus$ Hunters for $25,000. Read how the security team detected the activity and protected customers.