Aggregator

A vulnerability was found in bitpressadmin Contact Form Builder Plugin up to 2.10.1 on WordPress. It has been declared as problematic. This vulnerability affects the function bitforms_update_form_entry. The manipulation leads to authorization bypass. This vulnerability was named CVE-2024-1640. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in SourceCodester/code-projects Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. This vulnerability is known as CVE-2023-1030. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #546164 / VDB-303170

Submit #548985 / VDB-303169

A vulnerability classified as problematic was found in Legrand SMS PowerView 1.x. This vulnerability affects unknown code. The manipulation of the argument redirect leads to open redirect. This vulnerability was named CVE-2025-2980. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #546128 / VDB-303166

我们很多时候都轻视了任意文件读取漏洞，让我们一起从CVE-2025-30208深入看任意文件读取漏洞利用场景，从任意文件读取漏洞到GetShell！

我们很多时候都轻视了任意文件读取漏洞，让我们一起从CVE-2025-30208深入看任意文件读取漏洞利用场景，从任意文件读取漏洞到GetShell！

我们很多时候都轻视了任意文件读取漏洞，让我们一起从CVE-2025-30208深入看任意文件读取漏洞利用场景，从任意文件读取漏洞到GetShell！

我们很多时候都轻视了任意文件读取漏洞，让我们一起从CVE-2025-30208深入看任意文件读取漏洞利用场景，从任意文件读取漏洞到GetShell！

我们很多时候都轻视了任意文件读取漏洞，让我们一起从CVE-2025-30208深入看任意文件读取漏洞利用场景，从任意文件读取漏洞到GetShell！

Submit #545964 / VDB-303165

Submit #545962 / VDB-303164

Submit #545961 / VDB-303163

Submit #545960 / VDB-303162

Submit #545934 / VDB-303161

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has followed up with a confirmation by updating the security advisory covering CVE-2024-20439 and CVE-2024-20440, an information disclosure flaw in the same software. “In March 2025, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of … More →

The post Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) appeared first on Help Net Security.

Cisco has disclosed a significant vulnerability in its AnyConnect VPN Server for Meraki MX and Z Series devices, allowing authenticated attackers to trigger denial-of-service (DoS) conditions. The flaw (CVE-2025-20212) stems from an uninitialized variable during SSL VPN session establishment and affects over 20 hardware models across enterprise networks. Vulnerability Overview Exploiting this bug requires valid VPN credentials. Attackers can […]

The post Cisco AnyConnect VPN Server Vulnerability Allows Attackers to Trigger DoS appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #545895 / VDB-303160

Kaspersky Lab has uncovered a new version of the Triada Trojan, a sophisticated malware targeting Android devices. This variant has been found pre-installed in the firmware of counterfeit smartphones mimicking popular models, often sold at discounted prices through unauthorized online stores. The malware poses significant risks to users, with more than 2,600 cases reported globally, […]

The post New Trinda Malware Targets Android Devices by Replacing Phone Numbers During Calls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.