Aggregator

CVE-2025-4852 | TOTOLINK A3002R 2.1.1-B20230720.1011 VPN Page Comment cross site scripting

Vuldb Updates
10 months 1 week ago
A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The identification of this vulnerability is CVE-2025-4852. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-4858 | D-Link DAP-2695 120b36r137_ALL_en_20210528 ARP Spoofing Prevention Page /adv_arpspoofing.php harp_mac cross site scripting

Vuldb Updates
10 months 1 week ago
A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing Prevention Page. The manipulation of the argument harp_mac leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-4858. The attack can be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

CVE-2025-4860 | D-Link DAP-2695 120b36r137_ALL_en_20210528 Static Pool Settings Page /adv_dhcps.php f_mac cross site scripting

Vuldb Updates
10 months 1 week ago
A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-4860. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

CVE-2025-4861 | PHPGurukul Beauty Parlour Management System 1.1 /admin/admin-profile.php contactnumber sql injection

Vuldb Updates
10 months 1 week ago
A vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. This vulnerability is known as CVE-2025-4861. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

CVE-2025-4864 | itsourcecode Restaurant Management System 1.0 /admin/finished.php ID sql injection

Vuldb Updates
10 months 1 week ago
A vulnerability has been found in itsourcecode Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/finished.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-4864. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-4865 | itsourcecode Restaurant Management System 1.0 /admin/member_save.php last sql injection

Vuldb Updates
10 months 1 week ago
A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/member_save.php. The manipulation of the argument last leads to sql injection. The identification of this vulnerability is CVE-2025-4865. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Security Affairs
10 months 1 week ago
Chinese “kill switches” found in Chinese-made power inverters in US solar farm equipment that could let Beijing remotely disable power grids in a conflict. Investigators found “kill switches” in Chinese-made power inverters in US solar farm equipment. These hidden cellular radios could let Beijing remotely cripple power grids during a conflict. The Times reported that […]
Pierluigi Paganini

Week in review: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited

Help Net Security
10 months 1 week ago

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patch Tuesday: Microsoft fixes 5 actively exploited zero-days On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities. How to give better cybersecurity presentations (without sounding like a robot) Most people think great presenters are born with natural talent. Luka Krejci, a presentation … More →

The post Week in review: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited appeared first on Help Net Security.

Help Net Security

Managed ad