Security
Headlines

Tag

#php

WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting

WordPress IDonate Blood Request Management System plugin versions 1.8.1 and below suffer from a persistent cross site scripting vulnerability.

Packet Storm
#xss #vulnerability #java #wordpress #php #auth #firefox

Blood Bank 1.0 SQL Injection

Blood Bank version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Nitin Sharma in October of 2021.

GHSA-xxf8-fpmr-fw7v: Subrion CMS vulnerable to SQL Injection

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.

GHSA-q4qh-8pxw-r48q: Subrion CMS vulnerable to Cross Site Scripting

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.

Ubuntu Security Notice USN-6305-2

Ubuntu Security Notice 6305-2 - USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

Hospital Management System 1.0 Insecure Direct Object Reference / Account Takeover

Hospital Management System version 1.0 suffers from insecure direct object reference and account takeover vulnerabilities.

Hospital Management System 1.0 Cross Site Scripting

Hospital Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Hospital Management System 1.0 SQL Injection

Hospital Management System version 1.0 suffers from a remote SQL injection vulnerability.

Automatic-Systems SOC FL9600 FastLine Directory Traversal

Automatic-Systems SOC FL9600 FastLine version V06 suffers from a directory traversal vulnerability.

TimbreStealer campaign targets Mexican users with financial lures

Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.