Aggregator

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been rated as critical. This impacts an unknown function of the file /Reservations/Search of the component API. Performing manipulation of the argument Value results in sql injection. This vulnerability is known as CVE-2025-6117. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /vehicle/search of the component API. Executing manipulation of the argument vehicleTypeCode can lead to sql injection. This vulnerability is handled as CVE-2025-6118. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability marked as critical has been reported in Customer Support System 1.0. This vulnerability affects unknown code of the file /customer_support/manage_user.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is known as CVE-2025-40728. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as problematic, was found in Customer Support System 1.0. This affects an unknown function of the file /customer_support/index.php. Such manipulation of the argument page leads to cross site scripting. This vulnerability is referenced as CVE-2025-40729. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. This impacts the function queryPage of the file platform-schedule/src/main/java/com/platform/controller/ScheduleJobController.java. Executing manipulation of the argument beanName can lead to sql injection. This vulnerability is tracked as CVE-2025-7934. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

A vulnerability was found in Linksys E1700 1.0.0.4.003. It has been declared as critical. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The identification of this vulnerability is CVE-2025-9528. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in InstantCMS up to 1.6. It has been declared as critical. This affects the function eval of the component HTTP GET Request Handler. Executing manipulation of the argument look can lead to improper neutralization of directives in dynamically evaluated code. This vulnerability is tracked as CVE-2013-10051. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in qBittorrent up to 5.1.1. It has been declared as problematic. This impacts an unknown function of the file rsswidget.cpp of the component Link URL Handler. Such manipulation leads to incorrect resource transfer. This vulnerability is uniquely identified as CVE-2025-54310. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Meshtastic Firmware up to 2.6.10. This affects an unknown part of the component Direct Message Handler. Such manipulation leads to insufficient entropy. This vulnerability is referenced as CVE-2025-52464. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been declared as critical. Affected by this issue is some unknown functionality of the file /adpweb/a/base/barcodeDetail/. Executing manipulation of the argument barcodeNo/barcode/itemNo can lead to sql injection. This vulnerability is registered as CVE-2025-6267. It is possible to launch the attack remotely. No exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Trend Micro Worry-Free Business Security. This impacts an unknown function. The manipulation results in uncontrolled search path. This vulnerability is cataloged as CVE-2025-49487. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in M-Files Server. Affected by this vulnerability is an unknown functionality of the component API Endpoint. The manipulation results in path traversal. This vulnerability is reported as CVE-2025-5964. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A phishing campaign is gaining access to universities' third-party platforms and routing employee paychecks to accounts controlled by hackers, researchers said.

A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known as GOVERSHELL. "The initially observed campaigns were tailored to the targets, and the messages purported to be sent by senior researchers and analysts from legitimate-sounding, completely

A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. [...]

Alleged Sale of abcproxy.com Brute & Checker

The ransomware landscape witnessed unprecedented upheaval in Q3 2025 as cyberthreat actors ushered in a new era of aggression and sophistication. The quarter marked a pivotal moment with the emergence of Scattered Spider’s inaugural ransomware-as-a-service offering, ShinySp1d3r RaaS, representing the first major English-led ransomware operation to challenge traditional Russian-speaking dominance in the ecosystem. Simultaneously, the […]

The post Data-Leak Sites Hit an All-Time High With New Scattered Spider RaaS and LockBit 5.0 appeared first on Cyber Security News.

A vulnerability was found in code-projects Simple Scheduling System 1.0 and classified as problematic. This affects an unknown function. The manipulation of the argument Subject Description results in cross site scripting. This vulnerability is identified as CVE-2025-60304. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in xckk 9.6 and classified as critical. The impacted element is an unknown function. The manipulation of the argument orderBy leads to sql injection. This vulnerability is referenced as CVE-2025-60266. Remote exploitation of the attack is possible. No exploit is available.