Aggregator

A vulnerability, which was classified as critical, has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The identification of this vulnerability is CVE-2025-8966. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #628169 / VDB-319968

Submit #628168 / VDB-319967

Submit #628167 / VDB-319966

Submit #628166 / VDB-319965

Submit #628165 / VDB-319964

Submit #628164 / VDB-319963

Submit #628163 / VDB-319962

Submit #628162 / VDB-319961

A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to unrestricted upload. This vulnerability was named CVE-2025-8965. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2025-8964. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability was found in jeecgboot JimuReport up to 2.1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. This vulnerability is handled as CVE-2025-8963. The attack may be launched remotely. There is no exploit available. The vendor response to the GitHub issue report is: "Modified, next version updated".

Submit #628117 / VDB-319927

Submit #628098 / VDB-319960

Где xAI? Не в топе. Кто виноват? Конечно, Apple. Что делать? Составлять иск!

This joint guidance outlines the process for OT owners and operators to create an asset inventory and OT taxonomy.

Submit #628030 / VDB-319959

Charak Center for Health and Wellness Falls Victim to Qilin Ransomware

A vulnerability was found in code-projects Hostel Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The manipulation of the argument uname leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-8962. Local access is required to approach this attack. Furthermore, there is an exploit available.

Submit #628028 / VDB-319958