757 matches found

Schneier on Security
added 2025/10/02 4:19 p.m., 2 views

Daniel Miessler on the AI Attack/Defense Balance

His conclusion: Context wins. Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest. And if you’re...

7 AI score
Exploits: 0

RedhatCVE
added 2025/09/30 9:38 a.m., 2 views

CVE-2025-10345

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'...

6.1 CVSS, 7 AI score, 0.00026 EPSS
Exploits: 0, References: 1

OSV
added 2025/09/29 9:15 a.m., 3 views

CVE-2025-10345

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'...

6.1 CVSS, 5.8 AI score, 0.00026 EPSS
Exploits: 0, References: 1

CVE
added 2025/09/29 8:42 a.m., 11 views

CVE-2025-10345

CVE-2025-10345 affects Perfex CRM in version 3.2.1. The issue is a stored HTML injection caused by insufficient validation of user input in the POST request to /admin/leads/lead, with malicious HTML supplied via the name and address parameters. Impact is described as stored HTML injection; exploi...

6.1 CVSS, 6.7 AI score, 0.00026 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/09/29 8:42 a.m., 6 views

CVE-2025-10345 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'...

5.3 CVSS, 0.00026 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/09/29 12:0 a.m., 3 views

PT-2025-39818

Name of the Vulnerable Software and Affected Versions: Perfex CRM version 3.2.1. Description: An HTML injection issue exists in Perfex CRM version 3.2.1. This is due to insufficient validation of user-supplied data. The issue occurs when sending a POST request to the /admin/leads/lead endpoint with...

6.1 CVSS, 6.9 AI score, 0.00026 EPSS
Exploits: 0, References: 5

CNNVD
added 2025/09/26 12:0 a.m., 1 view

roncoo-pay authorization issue vulnerability

roncoo-pay roncoo payment system is an open source Internet payment system by Lead Class Network RonCoo. An authorization issue vulnerability exists in roncoo-pay, which stems from improper authorization of unknown functions in the file /user/info/lookupList, which could lead to a remote attack...

6.9 CVSS, 5.5 AI score, 0.00039 EPSS
Exploits: 0, References: 4

The Hacker News
added 2025/09/25 3:17 p.m., 3 views

Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection

Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect promp...

7 AI score
Exploits: 0

OSV
added 2025/09/11 12:15 p.m., 3 views

CVE-2025-40687

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.php'...

9.8 CVSS, 5.9 AI score, 0.00061 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/09/11 11:36 a.m., 6 views

CVE-2025-40693 Cross Site Scripting in PHPGurukul Online Fire Reporting System

Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a reflected and stored authenticated XSS due to the lack of proper validation of user inputs 'tname' parameter via GET, and 'teamleadname', 'teammember' and 'teamname' parameters via POST at the...

5.1 CVSS, 0.00048 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/09/11 12:0 a.m., 2 views

Online Fire Reporting System cross-site scripting vulnerability

Online Fire Reporting System is an online fire reporting system developed by Carlo Montero, an individual developer. A cross-site scripting vulnerability exists in Online Fire Reporting System version 1.2, which stems from insufficient input validation of the GET parameter tname and the POST...

5.4 CVSS, 5.9 AI score, 0.00048 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/09/11 12:0 a.m., 2 views

Online Fire Reporting System SQL injection vulnerability

Online Fire Reporting System is an online fire reporting system developed by Carlo Montero. A SQL injection vulnerability exists in Online Fire Reporting System version 1.2, which stems from incorrect manipulation of the parameters mobilenumber, teamleadname, and teammember in the file...

9.8 CVSS, 7.7 AI score, 0.00061 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/09/07 2:32 p.m., 3 views

CVE-2025-58809

Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS. This issue affects To Lead For Salesforce: from n/a through <= 2.7.3.9...

7.1 CVSS, 5.9 AI score, 0.00025 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/09/05 3:22 p.m., 4 views

CVE-2025-9823

Summary: A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

4.8 CVSS, 5.5 AI score, 0.00088 EPSS
Exploits: 0, References: 1

NVD
added 2025/09/05 2:15 p.m., 6 views

CVE-2025-58809

Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS. This issue affects To Lead For Salesforce: from n/a through <= 2.7.3.9...

7.1 CVSS, 0.00025 EPSS
Exploits: 0, References: 1

CVE
added 2025/09/05 1:45 p.m., 13 views

CVE-2025-58809

CVE-2025-58809 affects the WordPress plugin “To Lead For Salesforce.” The vulnerability is a Cross-Site Request Forgery (CSRF) vulnerability that can also enable a reflected XSS. Affected versions are listed as n/a through 2.7.3.9. Remediation per sources is to update to a version later than 2.7....

7.1 CVSS, 5.9 AI score, 0.00025 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/09/05 1:45 p.m., 11 views

CVE-2025-58809 WordPress To Lead For Salesforce Plugin <= 2.7.3.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS. This issue affects To Lead For Salesforce: from n/a through <= 2.7.3.9...

7.1 CVSS, 0.00025 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/09/05 1:45 p.m., 4 views

CVE-2025-58809 WordPress To Lead For Salesforce Plugin <= 2.7.3.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS. This issue affects To Lead For Salesforce: from n/a through <= 2.7.3.9...

7.1 CVSS, 5.9 AI score, 0.00025 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/09/05 12:0 a.m., 3 views

PT-2025-36148

Name of the Vulnerable Software and Affected Versions: To Lead For Salesforce versions n/a through 2.7.3.9. Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in To Lead For Salesforce, which also allows Reflected Cross-Site Scripting (XSS). Recommendations: Update To Lead For...

7.1 CVSS, 5.9 AI score, 0.00025 EPSS
Exploits: 0, References: 5

CNNVD
added 2025/09/05 12:0 a.m., 1 view

WordPress plugin To Lead For Salesforce cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

7.1 CVSS, 6.5 AI score, 0.00025 EPSS
Exploits: 0, References: 1