Aggregator

A vulnerability identified as critical has been detected in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/forgot-password.php. The manipulation of the argument email leads to sql injection. This vulnerability is documented as CVE-2025-12325. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. This vulnerability is reported as CVE-2025-12326. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as critical has been reported in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This issue affects some unknown processing of the file /description.php. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2025-12327. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. Impacted is an unknown function of the file /contestproblem.php. Such manipulation of the argument Name leads to sql injection. This vulnerability is traded as CVE-2025-12328. The attack may be launched remotely. Furthermore, there is an exploit available. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. The affected element is an unknown function of the file /details.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is known as CVE-2025-12329. Remote exploitation of the attack is possible. Furthermore, an exploit is available. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as problematic has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. This vulnerability is cataloged as CVE-2025-12330. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. This vulnerability is registered as CVE-2025-12331. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in code-projects Food Ordering System 1.0. It has been classified as critical. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing manipulation of the argument itemID results in sql injection. This vulnerability is known as CVE-2025-12314. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A sophisticated new Android malware family called GhostGrab is actively targeting mobile users with a dual-monetization strategy that combines covert cryptocurrency mining with comprehensive financial data theft. GhostGrab functions as a multifaceted threat that systematically harvests banking credentials, debit card details, personal identification information, and one-time passwords through SMS interception. According to analysis by CYFIRMA, […]

The post New GhostGrab Android Malware Silently Steals Banking Login Details and Intercept SMS for OTPs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

中国共产党第二十届中央委员会第四次全体会议深入分析国际国内形势，就制定国民经济和社会发展“十五五”规划提出以下建议。

习近平：关于《中共中央关于制定国民经济和社会发展第十五个五年规划的建议》的说明

The September attack on the embassy of a European nation in New Delhi has exposed the scale of

The post Stealth APT: SideWinder Uses PDF Exploit to Target South Asian Diplomats appeared first on Penetration Testing Tools.

阿尔巴尼亚总理 Edi Rama 在柏林举行的 Global Dialogue (BGD) 上宣称，该国的 AI 部长 Diella 怀孕了，而且怀了 83 个 AI 孩子。Rama 是在上个月宣布了旨在打击腐败、负责公共采购的新部长 Diella。Diella 在阿尔巴尼亚语中意思是“太阳”，它是在今年 1 月首次作为虚拟助手在 e-Albania 平台上线，其形象是一位身穿传统服饰的女性。Rama 称 Diella 的 83 个孩子将担任执政党社民党的 83 名议员的虚拟助手。

Midway through this year, specialists at Arctic Wolf uncovered a sprawling malicious campaign that spread across South America,

The post The Invisible Threat: Caminho Loader Hides Malware in Image Pixels appeared first on Penetration Testing Tools.

The Coveware report on ransomware activity for the third quarter of 2025 paints a paradoxical picture. On one

The post The Ransomware Paradox: Payments Plummet to 23% as Insider Bribery Surges appeared first on Penetration Testing Tools.

OpenAI привлекла 170 психологов, чтобы модель не советовала ерунду при суицидальных мыслях и мании.

The widespread confidence among companies in their own cyber resilience is colliding with a new wave of threats

The post Cyber-Confidence Crisis: 95% of Firms Confident, Yet Only 15% Fully Recover from Ransomware appeared first on Penetration Testing Tools.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.154/6.6.108/6.12.49/6.16.9. Affected by this issue is some unknown functionality of the component af_alg. Executing manipulation can lead to privilege escalation. This vulnerability is registered as CVE-2025-40022. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.16.9. This affects an unknown part of the component vf. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2025-40023. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.