Aggregator

CVE-2025-56392 | Syaqui Collegetivity 1.0.0 HTTP POST Request /dashboard/notes resource injection (EUVD-2025-31773)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability classified as critical was found in Syaqui Collegetivity 1.0.0. Impacted is an unknown function of the file /dashboard/notes of the component HTTP POST Request Handler. Executing manipulation can lead to improper control of resource identifiers. This vulnerability is tracked as CVE-2025-56392. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2025-9870 | Razer Synapse 3 RazerPhilipsHueUninstall Local Privilege Escalation

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability classified as critical has been found in Razer Synapse 3. This issue affects the function RazerPhilipsHueUninstall. Performing manipulation results in Local Privilege Escalation. This vulnerability is identified as CVE-2025-9870. The attack is only possible with local access. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-36132 | IBM Planning Analytics Local up to 2.0.106/2.1.13 Web UI cross site scripting

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability described as problematic has been identified in IBM Planning Analytics Local up to 2.0.106/2.1.13. This vulnerability affects unknown code of the component Web UI. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-36132. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-36262 | IBM Planning Analytics Local up to 2.0.106/2.1.13 improper validation of syntactic correctness of input

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability marked as problematic has been reported in IBM Planning Analytics Local up to 2.0.106/2.1.13. This affects an unknown part. This manipulation causes improper validation of syntactic correctness of input. The identification of this vulnerability is CVE-2025-36262. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

Imperva Enhances Client-Side Protection to Help You Stay Ahead of PCI-DSS Compliance

Security Boulevard
8 months 4 weeks ago

When the latest PCI DSS 4.0 requirements came into full effect in March 2025, organizations processing cardholder data faced new obligations to protect payment pages from client-side risks. Requirements such as 6.4.3 (script inventory, authorization, and integrity monitoring) and 11.6.1 (detection of unauthorized changes) demanded stronger visibility and control than many teams had in place. […]

The post Imperva Enhances Client-Side Protection to Help You Stay Ahead of PCI-DSS Compliance appeared first on Blog.

The post Imperva Enhances Client-Side Protection to Help You Stay Ahead of PCI-DSS Compliance appeared first on Security Boulevard.

Grainne McKeever

CISA Warns of Libraesva ESG Command Injection Vulnerability Actively Exploited in Attacks

Cyber Security News
8 months 4 weeks ago

In late September 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued a public alert regarding the active exploitation of a critical command injection vulnerability tracked as CVE-2025-59689 in Libraesva Email Security Gateway (ESG) devices. This flaw has rapidly emerged as a favored target for threat actors due to its ease of exploitation and the […]

The post CISA Warns of Libraesva ESG Command Injection Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2020-36852 | Custom Searchable Data Entry System Plugin up to 1.7.1 on WordPress ghazale_sds_delete_entries_table_row denial of service

VulDB Recent Entries
8 months 4 weeks ago
A vulnerability labeled as problematic has been found in Custom Searchable Data Entry System Plugin up to 1.7.1 on WordPress. Affected by this issue is the function ghazale_sds_delete_entries_table_row. The manipulation results in denial of service. This vulnerability was named CVE-2020-36852. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2025-11195 | Rapid7 AppSpider Pro up to 7.5.020 Project Name improper authorization

VulDB Recent Entries
8 months 4 weeks ago
A vulnerability was found in Rapid7 AppSpider Pro up to 7.5.020. It has been classified as critical. The impacted element is an unknown function of the component Project Name Handler. This manipulation causes improper authorization. This vulnerability appears as CVE-2025-11195. The attack requires local access. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-23292 | NVIDIA License System Delegated Licensing Service data query logic injection

VulDB Recent Entries
8 months 4 weeks ago
A vulnerability was found in NVIDIA License System and classified as problematic. The affected element is an unknown function of the component Delegated Licensing Service. The manipulation results in improper neutralization of special elements in data query logic. This vulnerability is reported as CVE-2025-23292. The attacker must have access to the local network to execute the attack. No exploit exists.
vuldb.com

CVE-2025-23293 | NVIDIA License System Delegated Licensing Service missing authentication

VulDB Recent Entries
8 months 4 weeks ago
A vulnerability, which was classified as critical, was found in NVIDIA License System. This issue affects some unknown processing of the component Delegated Licensing Service. Executing manipulation can lead to missing authentication. This vulnerability is registered as CVE-2025-23293. The attack requires access to the local network. No exploit is available.
vuldb.com

Managed ad