Кислород из пыли. На Земле — абсурд. На Луне — последний шанс выжить
Реголит — главный ключ к захвату космоса?
Aggregator
CVE-2025-7767 | PHPGurukul Art Gallery Management System 1.1 edit-art-medium-detail.php artmed cross site scripting
1 week 3 days ago
A vulnerability, which was classified as problematic, has been found in PHPGurukul Art Gallery Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/edit-art-medium-detail.php. The manipulation of the argument artmed leads to cross site scripting.
This vulnerability is handled as CVE-2025-7767. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-7765 | code-projects Online Appointment Booking System 1.0 addmanagerclinic.php clinic sql injection
1 week 3 days ago
A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.php. The manipulation of the argument clinic leads to sql injection.
This vulnerability is known as CVE-2025-7765. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-7764 | code-projects Online Appointment Booking System 1.0 deletedoctorclinic.php clinic sql injection
1 week 3 days ago
A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/deletedoctorclinic.php. The manipulation of the argument clinic leads to sql injection.
This vulnerability is traded as CVE-2025-7764. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
UNG0002 Actors Deploys Weaponize LNK Files Using ClickFix Fake CAPTCHA Verification Pages
1 week 3 days ago
A sophisticated espionage campaign targeting multiple Asian jurisdictions has emerged, utilizing weaponized shortcut files and deceptive social engineering techniques to infiltrate high-value targets across China, Hong Kong, and Pakistan. The threat actor, designated UNG0002 (Unknown Group 0002), has demonstrated remarkable persistence and technical evolution throughout two major operational phases spanning from May 2024 to the […]
The post UNG0002 Actors Deploys Weaponize LNK Files Using ClickFix Fake CAPTCHA Verification Pages appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2025-53941 | fedify-dev hollo up to 0.6.4 ActivityPub cross site scripting (GHSA-w7gc-g3x7-hq8h / EUVD-2025-21766)
1 week 3 days ago
A vulnerability was found in fedify-dev hollo up to 0.6.4. It has been rated as problematic. This issue affects some unknown processing of the component ActivityPub. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2025-53941. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53928 | MaxKB up to 1.10.8-lts MCP Call code injection (GHSA-38q2-4mm7-qf5h / EUVD-2025-21771)
1 week 3 days ago
A vulnerability was found in MaxKB up to 1.10.8-lts. It has been declared as critical. This vulnerability affects unknown code of the component MCP Call Handler. The manipulation leads to code injection.
This vulnerability was named CVE-2025-53928. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53946 | LabRedesCefetRJ WeGIA up to 3.4.4 profile_paciente.php id_funcionario sql injection (GHSA-532r-mgxv-g7jm)
1 week 3 days ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.4. It has been classified as critical. This affects an unknown part of the file /html/saude/profile_paciente.php. The manipulation of the argument id_funcionario leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-53946. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-54060 | LabRedesCefetRJ WeGIA up to 3.4.5 dependente_editarInfoPessoal.php idatendido_familiares sql injection (EUVD-2025-21769)
1 week 3 days ago
A vulnerability has been found in LabRedesCefetRJ WeGIA up to 3.4.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /html/funcionario/dependente_editarInfoPessoal.php. The manipulation of the argument idatendido_familiares leads to sql injection.
This vulnerability is known as CVE-2025-54060. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-54058 | LabRedesCefetRJ WeGIA up to 3.4.5 dependente_editarEndereco.php idatendido_familiares sql injection (EUVD-2025-21770)
1 week 3 days ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.5 and classified as critical. Affected by this issue is some unknown functionality of the file /html/funcionario/dependente_editarEndereco.php. The manipulation of the argument idatendido_familiares leads to sql injection.
This vulnerability is handled as CVE-2025-54058. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Submit #616195: PHPGurukul Art Gallery Management System V1.1 stored xss [Accepted]
1 week 3 days ago
Submit #616195 / VDB-316766
adlu
CVE-2025-7763 | thinkgem JeeSite up to 5.12.0 Site Controller/SSO redirect (28/29 / EUVD-2025-21826)
1 week 3 days ago
A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is an unknown function of the component Site Controller/SSO. The manipulation leads to open redirect.
This vulnerability is traded as CVE-2025-7763. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
Multiple endpoints are affected.
vuldb.com
Submit #616176: code-projects Online Appointment Booking System V1.0 SQL injection [Accepted]
1 week 3 days ago
Submit #616176 / VDB-316765
jaynewboy
Submit #616175: code-projects Online Appointment Booking System V1.0 SQL injection [Accepted]
1 week 3 days ago
Submit #616175 / VDB-316764
jaynewboy
Submit #616103: JeeSite https://github.com/thinkgem/jeesite5 <=5.12.0 Open Redirect [Accepted]
1 week 3 days ago
Submit #616103 / VDB-316758
ZAST.AI
4 ГБ в один клик, GigaChat и Госключ: что уже умеет мессенджер MAX
1 week 3 days ago
Минцифры раскрыло, какие функции появятся в национальном мессенджере.
Massistant: Chinese Mobile Forensic Tool Accesses SMS, Images, Audio, and GPS Data
1 week 3 days ago
Cybersecurity researchers at Lookout Threat Lab have uncovered a sophisticated mobile forensics application called Massistant, deployed by Chinese law enforcement to extract comprehensive data from confiscated mobile devices. The tool represents a significant evolution from its predecessor MFSocket, incorporating advanced capabilities to bypass device security measures and collect sensitive information including SMS messages, images, audio […]
The post Massistant: Chinese Mobile Forensic Tool Accesses SMS, Images, Audio, and GPS Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
CVE-2025-7762 | D-Link DI-8100 16.07.26A1 HTTP Request /menu_nat_more.asp stack-based overflow (EUVD-2025-21829)
1 week 3 days ago
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow.
The identification of this vulnerability is CVE-2025-7762. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #615796: D-Link DI-8100 16.07.26A1 Buffer Overflow [Accepted]
1 week 3 days ago
Submit #615796 / VDB-316757
XiDP
Akira
1 week 3 days ago
You must login to view this content
cohenido