Безопасно ли нажимать "Я не робот"? Тысячи сайтов превратили CAPTCHA в ловушку с вымогателями
Новый механизм обмана уже работает на сотнях сайтов.
Aggregator
Medusa Blog
8 months 3 weeks ago
You must login to view this content
cohenido
CVE-2025-60448 | Emlog Pro 2.5.19 SVG File /admin/media.php cross site scripting
8 months 3 weeks ago
A vulnerability was found in Emlog Pro 2.5.19. It has been rated as problematic. This impacts an unknown function of the file /admin/media.php of the component SVG File Handler. Performing manipulation results in cross site scripting.
This vulnerability is reported as CVE-2025-60448. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-60447 | Emlog Pro 2.5.19 Email Template Configuration setting.php?action=mail cross site scripting
8 months 3 weeks ago
A vulnerability was found in Emlog Pro 2.5.19. It has been declared as problematic. This affects an unknown function of the file /admin/setting.php?action=mail of the component Email Template Configuration. Such manipulation leads to cross site scripting.
This vulnerability is documented as CVE-2025-60447. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2025-60449 | SeaCMS 13.1 admin_safe.php information disclosure
8 months 3 weeks ago
A vulnerability was found in SeaCMS 13.1. It has been classified as problematic. The impacted element is an unknown function of the file admin_safe.php. This manipulation causes information disclosure.
This vulnerability is registered as CVE-2025-60449. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-60454 | MetInfo CMS 8.0 Image Management img_admin.class.php cross site scripting
8 months 3 weeks ago
A vulnerability was found in MetInfo CMS 8.0 and classified as problematic. The affected element is an unknown function of the file app\system\img\admin\img_admin.class.php of the component Image Management Module. The manipulation results in cross site scripting.
This vulnerability is cataloged as CVE-2025-60454. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-60453 | MetInfo CMS 8.0 Column Management index.class.php cross site scripting
8 months 3 weeks ago
A vulnerability has been found in MetInfo CMS 8.0 and classified as problematic. Impacted is an unknown function of the file app\system\column\admin\index.class.php of the component Column Management Module. The manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2025-60453. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-60452 | MetInfo CMS 8.0 Download Management download_admin.class.php cross site scripting
8 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in MetInfo CMS 8.0. This issue affects some unknown processing of the file app\system\download\admin\download_admin.class.php of the component Download Management Module. Executing manipulation can lead to cross site scripting.
This vulnerability is tracked as CVE-2025-60452. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2025-60451 | MetInfo CMS 8.0 Website Settings uploadify.class.php cross site scripting
8 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in MetInfo CMS 8.0. This vulnerability affects unknown code of the file app\system\include\module\uploadify.class.php of the component Website Settings Module. Performing manipulation results in cross site scripting.
This vulnerability is identified as CVE-2025-60451. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2025-60450 | MetInfo CMS 8.0 SVG File Uploader.class.php cross site scripting
8 months 3 weeks ago
A vulnerability classified as problematic was found in MetInfo CMS 8.0. This affects an unknown part of the file app\system\include\module\editor\Uploader.class.php of the component SVG File Handler. Such manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2025-60450. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2025-60445 | XunRuiCMS 4.7.1 SVG File Upload.php cross site scripting
8 months 3 weeks ago
A vulnerability classified as problematic has been found in XunRuiCMS 4.7.1. Affected by this issue is some unknown functionality in the library dayrui/Fcms/Library/Upload.php of the component SVG File Handler. This manipulation causes cross site scripting.
The identification of this vulnerability is CVE-2025-60445. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-59489 | Unity Editor up to 6000.3 untrusted search path (EUVD-2025-32292)
8 months 3 weeks ago
A vulnerability described as problematic has been identified in Unity Editor up to 6000.3. Affected by this vulnerability is an unknown functionality. The manipulation results in untrusted search path.
This vulnerability was named CVE-2025-59489. The attack needs to be approached locally. There is no available exploit.
vuldb.com
ShinyHunters launches Salesforce data leak site to extort 39 victims
8 months 3 weeks ago
An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks. [...]
Sergiu Gatlan
Report Details Security Weakness in Comet AI Browser from Perplexity
8 months 3 weeks ago
A new LayerX report shows how a single malicious URL can exploit Perplexity’s Comet AI browser via prompt injection, potentially exposing sensitive data and connected applications.
The post Report Details Security Weakness in Comet AI Browser from Perplexity appeared first on Security Boulevard.
Michael Vizard
Crypto24
8 months 3 weeks ago
You must login to view this content
cohenido
Поиск с подвохом: как один клик в Google может отдать ваш сервер хакерам
8 months 3 weeks ago
Крупные организации по всему миру уже стали жертвами этой изощренной схемы.
LinkedIn sues software company allegedly scraping data from millions of profiles
8 months 3 weeks ago
ProAPIs, a software company, and its CEO Rahmat Alam allegedly run an operation which LinkedIn says charges customers up to $15,000 per month for scraped user data taken from the social media platform.
CommetJacking attack tricks Comet browser into stealing emails
8 months 3 weeks ago
A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. [...]
Bill Toulas
SLH
8 months 3 weeks ago
You must login to view this content
cohenido
SLH
8 months 3 weeks ago
You must login to view this content
cohenido