Aggregator

Submit #674490 / VDB-330123

Submit #674485 / VDB-330122

Submit #674484 / VDB-330121

Submit #674483 / VDB-330120

A vulnerability described as problematic has been identified in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site scripting. This vulnerability appears as CVE-2025-12332. The attack may be performed from remote. In addition, an exploit is available.

Threat actors have launched a significant mass exploitation campaign targeting critical vulnerabilities in two popular WordPress plugins, GutenKit and Hunk Companion, affecting hundreds of thousands of websites globally. These vulnerabilities, discovered in September and October 2024, have resurfaced as an active threat in October 2025, demonstrating the persistent danger of unpatched installations. The attack vectors […]

The post Hackers Actively Exploiting WordPress Arbitrary Installation Vulnerabilities in The Wild appeared first on Cyber Security News.

Submit #674457 / VDB-330119

Submit #674456 / VDB-330119

The world’s first global convention to prevent and respond to cybercrime opened for signature today in Hanoi, Vietnam, and will remain open at United Nations Headquarters in New York until 31 December 2026. Adopted by the UN General Assembly in December 2024, the UN Convention against Cybercrime will enter into force 90 days after its 40th ratification. Once in force, a Conference of the States Parties will meet periodically to strengthen national capacities, enhance cooperation, … More →

The post 72 states sign first global UN Convention against Cybercrime appeared first on Help Net Security.

A vulnerability marked as problematic has been reported in TheGreenBow VPN Client Windows Enterprise 7.5/7.6. The impacted element is an unknown function of the component OCSP Certificate Handler. Performing manipulation results in improper check for certificate revocation. This vulnerability is reported as CVE-2025-11955. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as critical has been found in Disenno de Recursos Educativos Virtual Campus Platform. The affected element is an unknown function of the file /catalogo_c/catalogo.php of the component POST Request Handler. Such manipulation of the argument buscame leads to sql injection. This vulnerability is documented as CVE-2025-41009. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as critical has been detected in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. This vulnerability is registered as CVE-2025-12331. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as problematic has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. This vulnerability is cataloged as CVE-2025-12330. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #674439 / VDB-330116

Submit #674404 / VDB-330115

HashiCorp has disclosed two critical vulnerabilities in Vault and Vault Enterprise that could enable attackers to bypass authentication mechanisms and launch denial-of-service attacks against infrastructure. The first vulnerability, identified under Bulletin ID HCSEC-2025-31, stems from a regression in how Vault processes JSON payloads. According to HashiCorp’s disclosure published on October 23, 2025, the vulnerability allows […]

The post Critical HashiCorp Vault Vulnerabilities Allow Authentication Bypass and DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.