Aggregator

Submit #496669 / VDB-294356

A vulnerability, which was classified as critical, was found in 1000 Projects Attendance Tracking Management System 1.0. This affects an unknown part of the file /admin/chart1.php. The manipulation of the argument course_id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-1189. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. This vulnerability is handled as CVE-2025-1188. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Police FIR Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Delete Record Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-1187. Attacking locally is a requirement. Furthermore, there is an exploit available.

Submit #496452 / VDB-295095

A vulnerability, which was classified as problematic, has been found in code-projects Police FIR Record Management System 1.0. This issue affects some unknown processing of the component Add Record Handler. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-1164. Local access is required to approach this attack. Furthermore, there is an exploit available.

Submit #496409 / VDB-295094

近期，火绒威胁情报中心监测到一款Chat_AI浏览器正在广泛传播并释放病毒。目前，火绒安全产品支持查杀由网页下载的伪造浏览器，且能够识别并阻止来源不明的应用安装或执行，从而保障用户系统的安全，请广大用户及时更新病毒库以提高防御能力。

A vulnerability classified as critical has been found in TP-Link Tapo C500 V1 Wi-Fi Camera and Tapo C500 V2 Wi-Fi Camera. Affected is an unknown function of the component RSA Private Key Handler. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is traded as CVE-2025-1099. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability was found in Kelio Visio 1, Visio X7 and Visio X4 up to 5.1K. It has been rated as problematic. This issue affects some unknown processing of the file /PageLoginVisio.do of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-1175. The attack may be initiated remotely. There is no exploit available.

Submit #495921 / VDB-295093

A recent cybersecurity presentation at BSides London 2024 has unveiled a sophisticated attack technique known as Bring Your Own Trusted Binary (BYOTB). This method leverages legitimate, trusted binaries to evade detection by advanced security measures such as Endpoint Detection and Response (EDR) systems and firewalls. The findings, presented by cybersecurity researcher David Kennedy of Jumpsec […]

The post New ‘BYOTB’ Attack Exploits Trusted Binaries to Evade Detection, Researchers Reveal appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The cybercrime group XE Group exploited a VeraCore zero-day to deploy reverse shells, web shells in recent attacks. A recent investigation by researchers from Intezer and Solis Security shed light on the recent operations of the XE Group. Active since at least 2013, XE Group is a cybercriminal group focused on credit card skimming and […]

A severe security vulnerability, tracked as CVE-2025-23369, has been identified in GitHub Enterprise Server (GHES), allowing attackers to bypass SAML authentication and impersonate other user accounts. This flaw exploits quirks in the libxml2 library used during SAML response validation, enabling unauthorized access to accounts, including those with administrative privileges. The vulnerability arises from improper handling […]

The post SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

NanoCore, a notorious Remote Access Trojan (RAT), continues to pose a significant threat to Windows systems. This malware, known for its espionage capabilities and modular design, is being leveraged by cybercriminals to exfiltrate sensitive data, control infected systems, and maintain persistence using advanced techniques. A recent analysis of a NanoCore sample (MD5 hash: 18B476D37244CB0B435D7B06912E9193) sheds […]

The post NanoCore RAT Attack Windows Using Task Scheduler to Captures keystrokes, screenshots appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a concerning development, cybercriminals are leveraging Google Tag Manager (GTM), a legitimate tool widely used by eCommerce websites, to deploy malicious scripts designed to steal credit card information. This attack vector, often referred to as Magecart or e-skimming, has been observed targeting platforms like Magento, WordPress, and OpenCart, among others. The abuse of GTM […]

The post Hackers Exploiting Google Tag Managers to Steal Credit Card from eCommerce Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/Category.php. The manipulation of the argument Desc leads to cross site scripting. This vulnerability is traded as CVE-2025-1170. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Vehicle Parking Management System 1.0. This vulnerability affects the function login of the component Authentication. The manipulation of the argument username leads to stack-based buffer overflow. This vulnerability was named CVE-2025-1163. An attack has to be approached locally. Furthermore, there is an exploit available.