Aggregator

CVE-2025-6983 | TP-Link Archer C1200 up to 1.1.5 Web Management Page ui layer (EUVD-2025-21737)

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as problematic, was found in TP-Link Archer C1200 up to 1.1.5. This affects an unknown part of the component Web Management Page. The manipulation leads to improper restriction of rendered ui layers. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-6983. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-53908 | rommapp romm up to 3.10.2/4.0.0-beta2 /api/raw path traversal (GHSA-fx9g-xw4j-jwc3)

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as problematic, has been found in rommapp romm up to 3.10.2/4.0.0-beta2. Affected by this issue is some unknown functionality of the file /api/raw. The manipulation leads to path traversal: '/dir/../filename'. This vulnerability is handled as CVE-2025-53908. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-7729 | Scada-LTS up to 2.7.8.1 usersProfiles.shtm Username cross site scripting

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. This vulnerability is known as CVE-2025-7729. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.
vuldb.com

CVE-2025-7728 | Scada-LTS up to 2.7.8.1 users.shtm Username cross site scripting

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. This vulnerability is traded as CVE-2025-7728. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.
vuldb.com

Chinese ‘Salt Typhoon’ Hackers Hijacked US National Guard Network for Nearly a Year

Cyber Security News
9 months 1 week ago

Chinese state-sponsored hackers known as Salt Typhoon successfully infiltrated and maintained persistent access to a U.S. state’s Army National Guard network for nearly ten months, from March 2024 through December 2024, according to a Department of Homeland Security memo obtained by NBC News. The sophisticated cyberespionage campaign represents a significant escalation in Beijing’s ongoing cyber […]

The post Chinese ‘Salt Typhoon’ Hackers Hijacked US National Guard Network for Nearly a Year appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2025-4941

CVE Trends
9 months 1 week ago
Currently trending CVE - Hype Score: 22 - A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the ...

Qilin

Dark Feed IO
9 months 1 week ago

You must login to view this content

cohenido

Cracked Apps Delivering Infostealers Identified as Leading Attack Vector in June 2025

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

The AhnLab Security Intelligence Center (ASEC) published a thorough analysis in June 2025 that identified infostealer malware masquerading as keygens and cracked software as a primary attack vector. This malware uses advanced search engine optimization (SEO) poisoning to elevate malicious distribution sites in search results. ASEC’s automated malware collection systems, including crack monitoring, email honeypots, […]

The post Cracked Apps Delivering Infostealers Identified as Leading Attack Vector in June 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

Security Affairs
9 months 1 week ago
International law enforcement operation disrupted the activities of the pro-Russia hacking group NoName057(16). European and U.S. authorities disrupted the activities of the pro-Russian hacktivist group NoName057(16) in Operation Eastwood. “Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and […]
Pierluigi Paganini

CVE-2025-37107 | HPE AutoPass License Server up to 9.17 improper authentication (EUVD-2025-21732)

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in HPE AutoPass License Server up to 9.17. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability was named CVE-2025-37107. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-37106 | HPE AutoPass License Server up to 9.17 improper authentication (EUVD-2025-21733)

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in HPE AutoPass License Server up to 9.17. It has been classified as critical. This affects an unknown part. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2025-37106. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Hackers Leverage 607 Malicious Domains to Spread APK Malware with Remote Command Execution

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

PreCrime Labs at BforeAI discovered a complex cyber threat operation in which hackers have used a vast network of 607 rogue domains to spread fake Telegram Messenger application files (APKs) over the course of the last month. These domains, primarily registered via the Gname registrar and hosting content in Chinese, form part of a large-scale […]

The post Hackers Leverage 607 Malicious Domains to Spread APK Malware with Remote Command Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Threat Actors Weaponize WordPress Sites to Redirect Visitors to Malicious Domains

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

Security researchers identified a sophisticated malware campaign targeting WordPress websites, where threat actors embedded malicious code within core files to facilitate unauthorized redirects and search engine optimization (SEO) poisoning. The infection was traced to the wp-settings.php file, a fundamental component of the WordPress framework, which had been altered to include two anomalous lines of PHP […]

The post Threat Actors Weaponize WordPress Sites to Redirect Visitors to Malicious Domains appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad