Aggregator

CVE-2025-52410 | Institute-of-Current-Students 1.0 GET Parameter mydetailsstudent.php myds sql injection (EUVD-2025-198302)

Vuldb Updates
7 months ago
A vulnerability has been found in Institute-of-Current-Students 1.0 and classified as critical. This affects an unknown function of the file mydetailsstudent.php of the component GET Parameter Handler. The manipulation of the argument myds leads to sql injection. This vulnerability is uniquely identified as CVE-2025-52410. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

Morpheus on Microsoft: AI SOC Platform for MSSPs Managing Sentinel, Defender, Entra, and More

Security Boulevard
7 months ago

Morpheus automates Tier 1 and Tier 2 SOC work across Microsoft Sentinel, Defender, and Entra ID. Scale your MSSP, maintain SLA compliance and service quality.

The post Morpheus on Microsoft: AI SOC Platform for MSSPs Managing Sentinel, Defender, Entra, and More appeared first on D3 Security.

The post Morpheus on Microsoft: AI SOC Platform for MSSPs Managing Sentinel, Defender, Entra, and More appeared first on Security Boulevard.

Shriram Sharma

CVE-2025-13226 | Google Chrome up to 141.0.7390.122 V8 type confusion (ID 446113 / Nessus ID 275722)

Vuldb Updates
7 months ago
A vulnerability was found in Google Chrome. It has been classified as critical. Affected by this issue is some unknown functionality of the component V8. The manipulation leads to type confusion. This vulnerability is traded as CVE-2025-13226. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2024-7314 | anji-plus AJ-Report up to 1.4.0 HTTP Request /swagger-ui insufficient permissions or privileges (EUVD-2024-48255)

Vuldb Updates
7 months ago
A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.0. Affected is an unknown function of the component HTTP Request Handler. The manipulation of the argument /swagger-ui leads to improper handling of insufficient permissions or privileges. This vulnerability is listed as CVE-2024-7314. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

Salesforce investigates new incident echoing Salesloft Drift compromise

Help Net Security
7 months ago

In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps connected to Salesforce. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection. Upon detecting the activity, Salesforce revoked all active access and refresh tokens associated with Gainsight-published applications connected to Salesforce and temporarily removed those applications from the AppExchange while our investigation … More →

The post Salesforce investigates new incident echoing Salesloft Drift compromise appeared first on Help Net Security.

Zeljka Zorz

Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

Security Affairs
7 months ago
The Android trojan Sturnus targets communications from secure messaging apps like WhatsApp, Telegram and Signal. Sturnus is a new Android banking trojan with full device-takeover abilities. It bypasses encrypted messaging by capturing on-screen content and can steal banking credentials, remotely control the device, and hide fraudulent actions from the user. ThreatFabric analysis shows Sturnus malware […]
Pierluigi Paganini

Managed ad