A vulnerability classified as critical was found in Campcodes Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /empproject.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE Database V5

Detailed information about CVE-2025-6960: SQL Injection in Campcodes Employee Management System affecting Campcodes Employee Management System. Get real-time up

CVE-2025-6960: SQL Injection in Campcodes Employee Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-6960: SQL Injection in Campcodes Employee Management System

A vulnerability classified as critical has been found in Campcodes Employee Management System 1.0. Affected is an unknown function of the file /eloginwel.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-6959: SQL Injection in Campcodes Employee Management System affecting Campcodes Employee Management System. Get real-time up

CVE-2025-6959: SQL Injection in Campcodes Employee Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-6959: SQL Injection in Campcodes Employee Management System

Abusing Chrome Remote Desktop on Red Team Operations

Source: https://trustedsec.com/blog/abusing-chrome-remote-desktop-on-red-team-operations-a-practical-guide

The threat described involves the abuse of Chrome Remote Desktop (CRD) in the context of red team operations. Chrome Remote Desktop is a legitimate remote access tool developed by Google that allows users to remotely control another computer through the Chrome browser or a Chromebook. While CRD is designed for legitimate remote support and administration, adversaries can misuse it to maintain persistent, stealthy access to compromised systems. The abuse typically involves an attacker gaining initial access to a target environment and then installing or enabling CRD to establish a covert remote control channel. This method can bypass traditional remote access detection mechanisms because CRD traffic is encrypted and often whitelisted as legitimate by network defenses. The practical guide referenced likely details techniques for deploying CRD stealthily, evading detection, and leveraging it for lateral movement or data exfiltration during red team engagements or malicious intrusions. Although no specific vulnerable versions or exploits are mentioned, the threat lies in the misuse of a legitimate tool rather than a software vulnerability. This form of abuse is part of a broader trend where attackers leverage trusted software to blend in with normal network activity, complicating incident response and detection efforts.

Reddit NetSec

Detailed information about Abusing Chrome Remote Desktop on Red Team Operations. Get real-time updates, technical details, and mitigation strategies.

Abusing Chrome Remote Desktop on Red Team Operations - Live Threat Intelligence - Threat Radar | OffSeq.com

Abusing Chrome Remote Desktop on Red Team Operations

Reddit Discussion: Abusing Chrome Remote Desktop on Red Team Operations

Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a user's account. With a specially timed requests and redirect flows, an attacker could generate multiple authorization codes that could be used to exchange for access and refresh tokens. This was possible even after de-authorizing the particular application. This issue has been patched in version 25.5.0. Self-hosted Sentry users should upgrade to version 25.5.0 or higher. Sentry SaaS users do not need to take any action.

Detailed information about CVE-2025-53099: CWE-288: Authentication Bypass Using an Alternate Path or Channel in getsentry sentry affecting getsentry sentry. Get

CVE-2025-53099: CWE-288: Authentication Bypass Using an Alternate Path or Channel in getsentry sentry - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53099: CWE-288: Authentication Bypass Using an Alternate Path or Channel in getsentry sentry

Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.

Detailed information about CVE-2025-50641: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-50641: n/a

CVE-2025-50641: n/a

Description

Technical Details

Related Threats

CVE-2025-6960: SQL Injection in Campcodes Employee Management System

CVE-2025-6959: SQL Injection in Campcodes Employee Management System

CVE-2025-53099: CWE-288: Authentication Bypass Using an Alternate Path or Channel in getsentry sentry

CVE-2025-34064: CWE-668 Exposure of Resource to Wrong Sphere in One Identity OneLogin Active Directory Connector (ADC)

CVE-2025-34063: CWE-290 Authentication Bypass by Spoofing in One Identity OneLogin Active Directory Connector (ADC)

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility