Aggregator

CVE-2025-7547 | Campcodes Online Movie Theater Seat Reservation System 1.0 /admin/admin_class.php save_movie cover unrestricted upload (EUVD-2025-21275)

VulDB Recent Entries
1 week 1 day ago
A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0. This affects the function save_movie of the file /admin/admin_class.php. The manipulation of the argument cover leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-7547. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7546 | GNU Binutils 2.45 bfd/elf.c bfd_elf_set_group_contents out-of-bounds write (Bug 33050 / EUVD-2025-21277)

VulDB Recent Entries
1 week 1 day ago
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-7546. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-7545 | GNU Binutils 2.45 binutils/objcopy.c copy_section heap-based overflow (Bug 33049 / EUVD-2025-21278)

VulDB Recent Entries
1 week 1 day ago
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-7545. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

McDonald’s job app exposes data of 64 Million applicants

Security Affairs
1 week 1 day ago
Vulnerabilities in McDonald’s McHire chatbot exposed data from 64 million job applicants due to insecure internal APIs. Security researchers Ian Carroll and Sam Curry discovered multiple vulnerabilities in the McDonald’s chatbot recruitment platform McHire that exposed the personal information of over 64 million job applicants. The security duo found that McDonald’s hiring bot, built by […]
Pierluigi Paganini

CVE-2024-41169 | Apache Zeppelin up to 0.11.x Cluster Interpreter resource control (EUVD-2024-54778)

VulDB Recent Entries
1 week 1 day ago
A vulnerability classified as problematic has been found in Apache Zeppelin up to 0.11.x. Affected is an unknown function of the component Cluster Interpreter. The manipulation leads to improper control of resource through lifetime. This vulnerability is traded as CVE-2024-41169. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Hackers Compromise WordPress GravityForms Plugin with Malicious Code Injection

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 week 1 day ago

Hackers have targeted the popular WordPress plugin Gravity Forms, injecting malicious code into versions downloaded from the official gravityforms.com domain. The breach was first reported on July 11, 2025, when security researchers noticed suspicious HTTP requests to the domain gravityapi.org, which was registered just days earlier on July 8, 2025. This domain, now suspended by […]

The post Hackers Compromise WordPress GravityForms Plugin with Malicious Code Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Thermomix TM5 Vulnerabilities Enable Remote Takeover by Attackers

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 week 1 day ago

Researchers have uncovered multiple vulnerabilities in the Thermomix TM5, a multifunctional kitchen appliance from Vorwerk, allowing attackers to potentially achieve remote takeover through firmware manipulation and persistent code execution. The device’s main board, powered by a Freescale/NXP i.MX28 SoC with ARM926EJ-S core, integrates a NAND flash (Toshiba TC58NVG0S3HTA00) and DDR2 SDRAM, which were dumped and […]

The post Thermomix TM5 Vulnerabilities Enable Remote Takeover by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Hacker Returns $42 Million in Stolen Crypto in Exchange for $5 Million Bounty

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 week 1 day ago

A security flaw in the GMX V1 software was made public, causing a significant upheaval in the decentralized finance (DeFi) ecosystem and forcing immediate action to protect user assets. GMX, a prominent perpetual futures trading platform built on blockchain technology, relies on its V1 protocol for liquidity provision through its GLP (GMX Liquidity Provider) token. […]

The post Hacker Returns $42 Million in Stolen Crypto in Exchange for $5 Million Bounty appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad