Aggregator

CVE-2025-54466 | Apache OFBiz up to 18.12.19 scrum Plugin code injection (EUVD-2025-25026 / WID-SEC-2025-1716)

Vuldb Updates
10 months ago
A vulnerability was found in Apache OFBiz. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the component scrum Plugin. Performing manipulation results in code injection. This vulnerability was named CVE-2025-54466. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-53631 | DogukanUrker flaskBlog up to 2.8.1 POST Request /createpost cross site scripting

Vuldb Updates
10 months ago
A vulnerability, which was classified as problematic, has been found in DogukanUrker flaskBlog up to 2.8.1. Affected by this issue is some unknown functionality of the file /createpost of the component POST Request Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-53631. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2025-9052 | projectworlds Travel Management System 1.0 /updatepackage.php s1 sql injection

Vuldb Updates
10 months ago
A vulnerability was found in projectworlds Travel Management System 1.0. It has been declared as critical. Impacted is an unknown function of the file /updatepackage.php. Such manipulation of the argument s1 leads to sql injection. This vulnerability is referenced as CVE-2025-9052. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

CVE-2025-9053 | projectworlds Travel Management System 1.0 /updatesubcategory.php t1/s1 sql injection

Vuldb Updates
10 months ago
A vulnerability was found in projectworlds Travel Management System 1.0. It has been rated as critical. The affected element is an unknown function of the file /updatesubcategory.php. Performing manipulation of the argument t1/s1 results in sql injection. This vulnerability is identified as CVE-2025-9053. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2025-36120 | IBM Storage Virtualize 8.4/8.5/8.6/8.7 SSH Session authorization (EUVD-2025-25123)

Vuldb Updates
10 months ago
A vulnerability, which was classified as very critical, was found in IBM Storage Virtualize 8.4/8.5/8.6/8.7. The impacted element is an unknown function of the component SSH Session Handler. The manipulation results in incorrect authorization. This vulnerability was named CVE-2025-36120. The attack may be performed from a remote location. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2024-49827 | IBM Concert Software up to 1.1.0 exposure of sensitive information due to incompatible policies

Vuldb Updates
10 months ago
A vulnerability has been found in IBM Concert Software up to 1.1.0 and classified as problematic. This affects an unknown function. This manipulation causes exposure of sensitive information due to incompatible policies. The identification of this vulnerability is CVE-2024-49827. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-27909 | IBM Concert Software up to 1.1.0 Trusted Domain cross-domain policy

Vuldb Updates
10 months ago
A vulnerability was found in IBM Concert Software up to 1.1.0. It has been classified as problematic. Affected is an unknown function of the component Trusted Domain Handler. Performing manipulation results in permissive cross-domain policy with untrusted domains. This vulnerability is identified as CVE-2025-27909. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-8362 | GoogleTag Manager up to 1.9.x on Drupal cross site scripting (trib-2025-094)

Vuldb Updates
10 months ago
A vulnerability was found in GoogleTag Manager up to 1.9.x on Drupal. It has been rated as problematic. The impacted element is an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8362. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2025-8675 | AI SEO Link Advisor up to 1.0.5 on Drupal server-side request forgery (sa-contrib-2025-095)

Vuldb Updates
10 months ago
A vulnerability described as critical has been identified in AI SEO Link Advisor up to 1.0.5 on Drupal. Affected by this issue is some unknown functionality. Executing manipulation can lead to server-side request forgery. This vulnerability is tracked as CVE-2025-8675. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-54989 | FirebirdSQL Firebird up to 3.0.12/4.0.5/5.0.2 XDR Message null pointer dereference (ID 8554 / WID-SEC-2025-1857)

Vuldb Updates
10 months ago
A vulnerability was found in FirebirdSQL Firebird up to 3.0.12/4.0.5/5.0.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component XDR Message Handler. The manipulation results in null pointer dereference. This vulnerability was named CVE-2025-54989. The attack may be performed from a remote location. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-9017 | PHPGurukul Zoo Management System 2.1 add-foreigner-ticket.php visitorname cross site scripting (EUVD-2025-24990)

Vuldb Updates
10 months ago
A vulnerability classified as problematic has been found in PHPGurukul Zoo Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/add-foreigner-ticket.php. Performing manipulation of the argument visitorname results in cross site scripting. This vulnerability is reported as CVE-2025-9017. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

AI gives ransomware gangs a deadly upgrade

Help Net Security
10 months ago

Ransomware continues to be the major threat to large and medium-sized businesses, with numerous ransomware gangs abusing AI for automation, according to Acronis. Ransomware gangs maintain pressure on victims From January to June 2025, the number of publicly reported ransomware victims jumped 70% compared to the same period in both 2023 and 2024. February stood out as the worst month, with 955 reported cases. Cl0p alone was responsible for 335 of those cases, a 300% … More →

The post AI gives ransomware gangs a deadly upgrade appeared first on Help Net Security.

Sinisa Markovic

Windows Docker Desktop Vulnerability Allows Full Host Compromise

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
10 months ago

A critical vulnerability in Docker Desktop for Windows has been discovered that allows any container to achieve full host system compromise through a simple Server-Side Request Forgery (SSRF) attack. The flaw, designated CVE-2025-9074, was patched in Docker Desktop version 4.44.3 released in August 2025. CVE Details CVE ID CVE-2025-9074 CVSS Score Critical (Estimated 9.0+) Affected […]

The post Windows Docker Desktop Vulnerability Allows Full Host Compromise appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Managed ad