#windows

i2soft CMS version 2.0 suffers from an insecure direct object reference vulnerability.

helloGTX Travel Portal CRM version 1.6 suffers from an insecure direct object reference vulnerability.

FlatApp Premium Admin Dashboard version 1.0 suffers from a remote SQL injection vulnerability.

Greeva version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Easy Web Portal version 2.1.1 suffers from a cross site scripting vulnerability.

Easy Password Manager version 1.1 suffers from an administrative information disclosure vulnerability.

Easy Member Pro version 3.0 suffers from an insecure direct object reference vulnerability.

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser

An unknown threat actor has been linked to a cyber attack on a power generation company in South Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a South African nation's critical infrastructure," Kurt Baumgartner, principal security researcher at