Aggregator

9月15日，一起严重的NPM组件投毒事件，影响了两位知名开发者维护的近40个开源组件。这次攻击针对开发者valorkin和scttcper的账户进行了凭证窃取，并在他们维护的热门组件中植入了恶意代码。

A vulnerability labeled as critical has been found in Planet ICG-2510WG-LTE and ICG-2510W-LTE. The impacted element is an unknown function. Executing manipulation can lead to missing authentication. This vulnerability appears as CVE-2025-9971. The attack may be performed from remote. There is no available exploit. The application of restrictive firewalling is recommended.

Submit #649894 / VDB-271373

A vulnerability identified as critical has been detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access controls. This vulnerability is reported as CVE-2025-10608. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability categorized as problematic has been discovered in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2025-10607. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in Portabilis i-Educar up to 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /module/Configuracao/ConfiguracaoMovimentoGeral. This manipulation of the argument tipoacao causes cross site scripting. This vulnerability is registered as CVE-2025-10606. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Portabilis i-Educar up to 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /agenda_preferencias.php. The manipulation of the argument tipoacao results in cross site scripting. This vulnerability is cataloged as CVE-2025-10605. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #649880 / VDB-312813

A vulnerability was found in PHPGurukul Online Discussion Forum 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit_member.php. The manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2025-10604. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in PHPGurukul Online Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_forum/search_result.php. Executing manipulation of the argument Search can lead to sql injection. This vulnerability is tracked as CVE-2025-10603. The attack can be launched remotely. Moreover, an exploit is present.

Submit #649876 / VDB-324628

Submit #649875 / VDB-324627

Submit #649874 / VDB-324626

Submit #649872 / VDB-324625

Submit #649873 / VDB-242143

Submit #649868 / VDB-324624

Submit #649867 / VDB-324623

Компания готовит сюрприз для пользователей 365.

A sophisticated Python-based information stealer named XillenStealer has emerged as a significant threat to Windows users, designed to harvest sensitive system data, browser credentials, and cryptocurrency wallet information. XillenStealer operates through a comprehensive builder framework called “XillenStealer Builder V3.0,” featuring a Python-based Tkinter GUI that enables threat actors to configure and customize their attacks with […]

The post Python-Based “XillenStealer” Campaign Targets Windows Users’ Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s1.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2025-10602. The attack can be initiated remotely. Additionally, an exploit exists.