==========================
== Gharib Personal Blog ==
==========================
A Techi Personal Blog

CVE-2025-2609 - MagnusSolution MagnusBilling Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-2609
Published : March 21, 2025, 11:15 p.m. | 15 hours, 3 minutes ago
Description : Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read (cross-site scripting). This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.
Severity: 8.2 | HIGH

CVE-2025-2610 - MagnusSolution MagnusBilling Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-2610
Published : March 21, 2025, 11:15 p.m. | 14 hours, 10 minutes ago
Description : Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.
Severity: 7.6 | HIGH

CVE-2025-26500 - VxWorks USB Uncontrolled Resource Consumption Vulnerability

CVE ID : CVE-2025-26500
Published : March 21, 2025, 11:15 p.m. | 5 hours, 31 minutes ago
Description : Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation. Specifically crafted USB packets may lead to the system becoming unavailable. This issue affects VxWorks 7: from 22.06 through 24.03.
Severity: 4.6 | MEDIUM

Moving Software Down to Hardware

In theory, any piece of software could be built out of discrete pieces of hardware, provided there are enough transistors, passive components, and time available. In general, though, we’re much …

CVE-2025-2608 - PHPGurukul Banquet Booking System SQL Injection Vulnerability

CVE ID : CVE-2025-2608
Published : March 21, 2025, 10:15 p.m. | 6 hours, 31 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. This affects an unknown part of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM

CVE-2025-30204 - golang-jwt Denial of Service DoS

CVE ID : CVE-2025-30204
Published : March 21, 2025, 10:15 p.m. | 6 hours, 31 minutes ago
Description : golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function’s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
Severity: 7.5 | HIGH

CVE-2025-2604 - SourceCodester Kortex Lite Advocate Office Management System SQL Injection

CVE ID : CVE-2025-2604
Published : March 21, 2025, 9:15 p.m. | 7 hours, 30 minutes ago
Description : A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_act.php. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM

CVE-2025-2606 - SourceCodester Best Church Management Software File Upload Vulnerability

CVE ID : CVE-2025-2606
Published : March 21, 2025, 9:15 p.m. | 7 hours, 30 minutes ago
Description : A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/soulwinning_crud.php. The manipulation of the argument photo/photo1 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM

CVE-2025-2607 - LzCMS-LaoZhangBoKeXiTong Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-2607
Published : March 21, 2025, 9:15 p.m. | 7 hours, 30 minutes ago
Description : A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM

Mission Texas expects ransomware impact to last months

Matt Wilson reports: The city of Mission expects the fallout from a debilitating ransomware attack last month to have an impact for months. The city said so in correspondence last Thursday seeking an attorney general’s opinion allowing it to withhold contracts with outside cybersecurity experts and legal counsel asked for by the Progress Times through…