Aggregator

CVE-2023-49666 | Kashipara Group Billing Software 1.0 submit_material_list.php custmer_details sql injection

Vuldb Updates
4 weeks ago
A vulnerability was found in Kashipara Group Billing Software 1.0. It has been declared as critical. This issue affects some unknown processing of the file submit_material_list.php. Executing manipulation of the argument custmer_details can lead to sql injection. This vulnerability is tracked as CVE-2023-49666. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2024-28111 | thinkst canarytokens up to 2019-03-01 Incident Export csv injection

Vuldb Updates
4 weeks ago
A vulnerability, which was classified as problematic, has been found in thinkst canarytokens up to 2019-03-01. This issue affects some unknown processing of the component Incident Export. Performing manipulation results in csv injection. This vulnerability was named CVE-2024-28111. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-13788 | Chanjet CRM up to 20251106 upgradeattribute.php gblOrgID sql injection (EUVD-2025-199930)

Vuldb Updates
4 weeks ago
A vulnerability has been found in Chanjet CRM up to 20251106 and classified as critical. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. This vulnerability is documented as CVE-2025-13788. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-13789 | ZenTao up to 21.7.6-8564 module/ai/model.php makeRequest Base server-side request forgery (EUVD-2025-199932)

Vuldb Updates
4 weeks ago
A vulnerability was found in ZenTao up to 21.7.6-8564 and classified as critical. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. This vulnerability is reported as CVE-2025-13789. The attack can be launched remotely. Moreover, an exploit is present. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-13790 | Scada-LTS up to 2.7.8.1 cross-site request forgery (EUVD-2025-199934)

Vuldb Updates
4 weeks ago
A vulnerability was found in Scada-LTS up to 2.7.8.1. It has been classified as problematic. This impacts an unknown function. This manipulation causes cross-site request forgery. This vulnerability appears as CVE-2025-13790. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-13791 | Scada-LTS up to 2.7.8.1 Project Import ZIPProjectManager.java Common.getHomeDir path traversal (EUVD-2025-199936)

Vuldb Updates
4 weeks ago
A vulnerability was found in Scada-LTS up to 2.7.8.1. It has been declared as critical. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. This vulnerability is traded as CVE-2025-13791. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-13787 | ZenTao up to 21.7.6-8564 File module/file/control.php file::delete fileID privileges management (EUVD-2025-199929)

Vuldb Updates
4 weeks ago
A vulnerability, which was classified as critical, was found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. This vulnerability is registered as CVE-2025-13787. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.
vuldb.com

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

The Hackers News
4 weeks ago
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity. "Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an
The Hacker News

Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations

Cyber Security News
4 weeks ago

Cybercriminals are actively spreading CoinMiner malware through USB drives, targeting workstations across South Korea to mine Monero cryptocurrency. This ongoing campaign uses deceptive shortcut files and hidden folders to trick users into executing malicious scripts without their knowledge. The attack leverages a combination of VBS, BAT, and DLL files that work together to install XMRig, […]

The post Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations appeared first on Cyber Security News.

Tushar Subhra Dutta

Cultural Lag Leaves Security as the Weakest Link

Security Boulevard
4 weeks ago

For too long, security has been cast as a bottleneck – swooping in after developers build and engineers test to slow things down. The reality is blunt; if it’s bolted on, you’ve already lost. The ones that win make security part of every decision, from the first line of code to the last boardroom conversation...

The post Cultural Lag Leaves Security as the Weakest Link appeared first on Security Boulevard.

Yadi Narayana

Managed ad