CVE-2025-6542
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker. More information: https://support.omadanetworks.com/en/document/108455/
A command injection vulnerability may be exploited after the admin’s authentication on the web portal on Omada gateways. More information: https://support.omadanetworks.com/en/document/108456/
An attacker may obtain a root shell on the underlying OS under restricted conditions on Omada gateways. More information: https://support.omadanetworks.com/en/document/108456/
An arbitrary OS command may be executed on the product by a user who can log in to the web management interface. More information: https://support.omadanetworks.com/en/document/108455/
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd. More information: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action. This makes it possible for authenticated...
Lack of application manifest sanitation could lead to potential stored XSS. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. More information: https://azure-access.com/security-advisories
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application’s database through specially crafted SQL query strings. More information: https://gold-textbook-8ff.notion.site/Restaurant-Management-System-DBMS-project-SQL-injection-25985e97f35380b2922ad4ebe8c47639
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that...
Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021 (2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis....
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS. This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44. More information: https://phabricator.wikimedia.org/T403291
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS. This issue affects MediaWiki PageForms extension: 1.44. More information: https://phabricator.wikimedia.org/T405357
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection. This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44. More information: https://phabricator.wikimedia.org/T406380
PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter. More information: https://gold-textbook-8ff.notion.site/php-education-management-Stored-XSS-Vulnerability-25985e97f35380018b9af0f4b678002c?pvs=73