Aggregator

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

Security Affairs
7 months ago
VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them. Broadcom four vulnerabilities in VMware products demonstrated at Pwn2Own Berlin 2025. White hat hackers earned over $340,000 for VMware exploits, including $150,000 awarded to STARLabs SG for using an integer overflow flaw to compromise VMware ESXi. Below […]
Pierluigi Paganini

CVE-2025-7791 | PHPGurukul Online Security Guards Hiring System 1.0 /admin/search.php searchdata cross site scripting

VulDB Recent Entries
7 months ago
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. This vulnerability was named CVE-2025-7791. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7790 | D-Link DI-8100 16.07.26A1 HTTP Request /menu_nat.asp out_addr/in_addr/out_port/proto stack-based overflow

VulDB Recent Entries
7 months ago
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menu_nat.asp of the component HTTP Request Handler. The manipulation of the argument out_addr/in_addr/out_port/proto leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-7790. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7789 | Xuxueli xxl-job up to 3.1.1 Token Generation IndexController.java makeToken weak password hash (Issue 3751)

VulDB Recent Entries
7 months ago
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. This vulnerability is handled as CVE-2025-7789. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7788 | Xuxueli xxl-job up to 3.1.1 SampleXxlJob.java commandJobHandler os command injection (Issue 3750)

VulDB Recent Entries
7 months ago
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-7788. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7787 | Xuxueli xxl-job up to 3.1.1 SampleXxlJob.java httpJobHandler server-side request forgery (Issue 3749)

VulDB Recent Entries
7 months ago
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2025-7787. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad