A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE Database V5

Detailed information about CVE-2025-7754: SQL Injection in code-projects Patient Record Management System affecting code-projects Patient Record Management Syst

CVE-2025-7754: SQL Injection in code-projects Patient Record Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7754: SQL Injection in code-projects Patient Record Management System

Katz Stealer is a sophisticated infostealer marketed as Malware-as-a-Service (MaaS), launched in early 2025. It features robust credential and data theft capabilities, along with modern evasion and anti-analysis techniques. The stealer targets a wide range of personal and sensitive information, including passwords, cryptocurrency keys, and browser session data. Operated through a web-based management panel, Katz Stealer allows affiliates to generate custom payloads and manage stolen data. Its infection chain involves obfuscated JavaScript droppers, steganography, and process hollowing techniques. The malware focuses heavily on browser data theft and cryptocurrency wallet targeting, with the ability to bypass some browser security measures.

AlienVault OTX General

Detailed information about Powerful MaaS On the Prowl for Credentials and Crypto Assets. Get real-time updates, technical details, and mitigation strategies.

Powerful MaaS On the Prowl for Credentials and Crypto Assets - Live Threat Intelligence - Threat Radar | OffSeq.com

Powerful MaaS On the Prowl for Credentials and Crypto Assets

Between March and June 2025, three Chinese state-sponsored threat actors conducted targeted phishing campaigns against the Taiwanese semiconductor industry. The campaigns targeted organizations involved in semiconductor manufacturing, design, testing, supply chain, and financial analysis. This activity likely reflects China's strategic priority to achieve semiconductor self-sufficiency and decrease reliance on international supply chains. The threat actors used various tactics including job application lures, investment collaboration pitches, and credential phishing. They deployed custom malware like Voldemort backdoor and HealthKick, as well as tools like Cobalt Strike. The targeting extended beyond semiconductor companies to include financial analysts specializing in the Taiwanese semiconductor market, indicating comprehensive intelligence collection efforts across the sector.

Detailed information about Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting. Get real-time updates, technical det

Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting - Live Threat Intelligence - Threat Radar | OffSeq.com

Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting

A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adddoctor.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7753 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Online Appointment Booking System. The vulnerability exists in the /admin/adddoctor.php file, specifically through the manipulation of the 'Username' parameter. This flaw allows an unauthenticated remote attacker to inject malicious SQL code into the backend database queries. Because the vulnerability does not require any authentication or user interaction, it can be exploited remotely by simply sending crafted requests to the vulnerable endpoint. The injection can lead to unauthorized data access, modification, or deletion, potentially compromising the confidentiality, integrity, and availability of the appointment booking system's data. Although the CVSS 4.0 score is 6.9 (medium severity), the classification as critical in the description likely reflects the potential impact on sensitive healthcare-related data and administrative functions. The vulnerability has been publicly disclosed, but there are no known exploits in the wild at this time. No official patches have been released yet, increasing the urgency for mitigation. The lack of secure coding practices in input validation and sanitization in the affected parameter is the root cause of this vulnerability.

Detailed information about CVE-2025-7753: SQL Injection in code-projects Online Appointment Booking System affecting code-projects Online Appointment Booking Sy

CVE-2025-7753: SQL Injection in code-projects Online Appointment Booking System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7753: SQL Injection in code-projects Online Appointment Booking System

NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

Detailed information about CVE-2025-23270: CWE-392: Missing Report of Error Condition in NVIDIA Jetson Orin, IGX Orin and Xavier Devices affecting NVIDIA Jetson

CVE-2025-23270: CWE-392: Missing Report of Error Condition in NVIDIA Jetson Orin, IGX Orin and Xavier Devices - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-23270: CWE-392: Missing Report of Error Condition in NVIDIA Jetson Orin, IGX Orin and Xavier Devices

CVE-2025-23270: CWE-392: Missing Report of Error Condition in NVIDIA Jetson Orin, IGX Orin and Xavier Devices

Description

Technical Details

Related Threats

CVE-2025-7754: SQL Injection in code-projects Patient Record Management System

CVE-2025-7753: SQL Injection in code-projects Online Appointment Booking System

CVE-2025-46102: n/a

CVE-2025-34125: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in D-Link DSP-W110A1

CVE-2025-7752: SQL Injection in code-projects Online Appointment Booking System

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility