Tagged: Cybersecurity Alert

A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user’s session identifier prior to authentication. When the victim logs in, the...

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL...

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate). More information : https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63520.md

Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function More information : https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63522.md

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as “read-only.” An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes....

Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co. Onaylarım allows Functionality Misuse.This issue affects Onaylarım: from 25.09.26.01 through 18112025. More information : https://www.usom.gov.tr/bildirim/tr-25-0422

An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service. More information : https://support.zabbix.com/browse/ZBX-27284

Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory. More information : https://support.zabbix.com/browse/ZBX-27283

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses More information : https://community.openvpn.net/Security%20Announcements/CVE-2025-12106

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss. More information : https://support.zabbix.com/browse/ZBX-27282

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common...

Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery.This issue affects T-Soft E-Commerce: through 28112025. More information : https://www.usom.gov.tr/bildirim/tr-25-0421

Reflected Cross-site Scripting (XSS) vulnerability in Sanoma’s Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL in ‘/students/carpetes_varies.php’. This vulnerability can be exploited...

Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component...