A vulnerability described as critical has been identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. Manipulation of the argument viewid leads to SQL injection.
This vulnerability is traded as CVE-2025-9933. The attack may be launched remotely. Furthermore, there is an exploit available.
A vulnerability classified as problematic has been found in CKEditor 5 up to 45.2.1/46.0.2. Affected is an unknown function. The manipulation leads to cross-site scripting.
This vulnerability is referenced as CVE-2025-58064. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to upgrade the affected component.
A vulnerability described as problematic has been identified in langchain-ai LangChain up to 0.3.63. Affected by this issue is the function etree.iterparse of the EverNoteLoader component. The manipulation results in an XML external entity reference.
This vulnerability was named CVE-2025-6984. The attack may be performed remotely. There is no available exploit.
A vulnerability, which was classified as problematic, was found in PHPGurukul Online Shopping Portal 2.1. This issue affects some unknown processing of the file /admin/updateorder.php. The manipulation results in cross-site scripting.
This vulnerability is known as CVE-2025-57576. It is possible to launch the attack remotely. No exploit is available.
A vulnerability marked as problematic has been reported in MarceloTessaro promptcraft-forge-studio 0. The affected element is an unknown function of the file src/utils/validation.ts. This manipulation causes cross-site scripting.
The identification of this vulnerability is CVE-2025-58361. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability classified as critical has been found in Google Android 11.0/12.0/13.0. This vulnerability affects the function gatt_process_prep_write_rsp of the file gatt_cl.cc. This manipulation causes an out-of-bounds write.
This vulnerability is handled as CVE-2023-20951. The attack can be initiated remotely. There is not any exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability categorized as critical has been discovered in Google Android. Affected by this issue is the function s2mpg11_pmic_probe of the file s2mpg11-regulator.c. The manipulation can lead to a heap-based buffer overflow.
This vulnerability appears as CVE-2023-20949. The attack requires local access. There is no available exploit.
It is advisable to implement a patch to correct this issue.
A vulnerability was found in Google Android 11.0/12.0/13.0 and classified as critical. This affects the function onStart of the file BluetoothSwitchPreferenceController.java. Such manipulation leads to permission issues.
This vulnerability is referenced as CVE-2023-20946. It is possible to launch the attack remotely. No exploit is available.
Applying a patch is advised to resolve this issue.
A vulnerability was found in Google Android 12.0/13.0. It has been classified as problematic. This vulnerability affects the function dropFramesUntilIframe of the file AAVCAssembler.cpp. The manipulation results in an out-of-bounds read.
This vulnerability is identified as CVE-2023-20948. The attack can be initiated remotely. There is not any exploit available.
It is suggested to install a patch to address this issue.
Also, Disney Pays $10M to Settle Child Privacy Case, Spain Scraps Huawei Deal
This week: a Jaguar hack, Disney settled a child privacy case, Texas sued PowerSchool and federal prosecutors sued a toy maker. Spain voided a Huawei contract, and the Pennsylvania AG confirmed a ransomware attack. U.S. immigration enforcement resumed a spyware contract and Baltimore lost $1.5 million to BEC.
Startup to Expand Dual-Use Tech, Tackle GPS Jamming Threats With Series C Funding
With a $75 million Series C raise, Shift5 plans to scale its operational intelligence platform across military and commercial transportation. Its focus includes enhanced threat detection, predictive maintenance and data-driven safety measures amid rising cyberthreats to infrastructure.
Feds Ramp Up Enforcement of 21st Cures Act Regs Including Fines up to $1 Million
The Department of Health and Human Services says it's "cracking down" on healthcare providers, health IT developers and health information networks that "block" the exchange, access and use of patients' electronic health data. Info blocking regulations have been on the books for years, so why now?
ACI Worldwide's Cleber Martins on Why Banks Need to Lead on AI Identity Governance
The rise of agentic commerce is forcing the financial sector to reconsider traditional fraud controls. Automated transactions may follow all technical authorizations, but agentic AI tools lack an understanding of user intent. That disconnect could lead to a surge in first-party fraud.