Aggregator

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. This vulnerability is known as CVE-2025-4028. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

Submit #559221 / VDB-306394

A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/rules.php. The manipulation of the argument pagetitle leads to sql injection. This vulnerability is traded as CVE-2025-4027. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #559199 / VDB-306393

A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument adminname leads to sql injection. The identification of this vulnerability is CVE-2025-4026. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #559198 / VDB-306392

Submit #559193 / VDB-306391

A vulnerability classified as problematic was found in Ververica Platform 2.14.0. This vulnerability affects unknown code of the file namespaces/default/formats. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-46689. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Ververica Platform 2.14.0. This affects an unknown part of the file namespaces/default/formats. The manipulation leads to direct request. This vulnerability is uniquely identified as CVE-2025-46690. It is possible to initiate the attack remotely. There is no exploit available.

Submit #559159 / VDB-306390

A vulnerability was found in QuickJS and QuickJS-ng. It has been rated as problematic. Affected by this issue is the function JS_ReadBigInt. The manipulation leads to incorrect calculation of buffer size. This vulnerability is handled as CVE-2025-46688. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in QuickJS and QuickJS-ng. It has been declared as critical. Affected by this vulnerability is the function JS_ReadString. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-46687. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Submit #558628 / VDB-306389

A vulnerability was found in 104 eHRMS up to 202412. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-3706. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in SIOS Quick Agent up to 2.9.7/3.2.0 and classified as problematic. This issue affects some unknown processing. The manipulation leads to improper restriction of communication channel to intended endpoints. The identification of this vulnerability is CVE-2025-31144. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Cybercriminals have begun openly marketing a powerful new variant of the HiddenMiner malware on underground dark web forums, raising alarms within the cybersecurity community. The malware, a heavily modified Monero (XMR) cryptocurrency miner, attracts buyers due to its advanced stealth capabilities and ease of use, even for less technically skilled threat actors. A New Breed […]

The post Cybercriminals Selling Sophisticated HiddenMiner Malware on Dark Web Forums appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in SIOS Quick Agent up to 2.9.7/3.2.0 and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2025-27937. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Security researchers at Shelltrail have discovered three significant vulnerabilities in the IXON VPN client that could allow attackers to escalate privileges on both Windows and Linux systems. The vulnerabilities, temporarily designated as CVE-2025-ZZZ-01, CVE-2025-ZZZ-02, and CVE-2025-ZZZ-03, affect the widely used VPN solution that provides remote access to industrial systems. While official CVE IDs have been […]

The post Three IXON VPN Client Vulnerabilities Let Attackers Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, was found in SIOS Quick Agent up to 2.9.7/3.2.0. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-26692. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

80 岁的乔治卢卡斯（George Lucas）在《星球大战之帝国反击战》上映 45 周年的纪念活动上解释了为什么尤达大师总是说倒装句：此举是为了确保尤达话中所蕴含的重要信息能传递给观众。尤达的说话方式是刻意的，如果他说的是常规的英文，观众可能不太会仔细聆听，但如果他有口音，或者说的话很难理解，那么观众就会认真听他说了什么。在星球大战电影里尤达基本上是一位哲学家，对白很长，所以必须想办法让观众仔细聆听，尤其是对 12 岁的儿童而言。