Aggregator

CVE-2025-8342 | WooCommerce OTP Login with Phone Number, OTP Verification Plugin lwp_ajax_register improper authentication (EUVD-2025-24963)

Vuldb Updates
1 month ago
A vulnerability was found in WooCommerce OTP Login with Phone Number, OTP Verification Plugin up to 1.8.47 on WordPress. It has been classified as critical. Affected is the function lwp_ajax_register. The manipulation of the argument empty leads to improper authentication. This vulnerability is traded as CVE-2025-8342. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-8993 | itsourcecode Online Tour and Travel Management System 1.0 expense_report.php from_date sql injection (EUVD-2025-24956)

Vuldb Updates
1 month ago
A vulnerability, which was classified as critical, was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8993. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

The Hackers News
1 month ago
Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems. The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject
The Hacker News

Threat Actors Attacking Windows Systems With New Multi-Stage Malware Framework PS1Bot

Cyber Security News
1 month ago

A sophisticated new malware campaign targeting Windows systems has emerged, employing a multi-stage framework dubbed “PS1Bot” that combines PowerShell and C# components to conduct extensive information theft operations. The malware represents a significant evolution in attack methodologies, utilizing modular architecture and in-memory execution techniques to evade traditional detection mechanisms while maintaining persistent access to compromised […]

The post Threat Actors Attacking Windows Systems With New Multi-Stage Malware Framework PS1Bot appeared first on Cyber Security News.

Tushar Subhra Dutta

How military leadership prepares veterans for cybersecurity success

Help Net Security
1 month ago

In this Help Net Security interview, Warren O’Driscoll, Head of Security Practice at NTT DATA UK and Ireland, discusses how military leadership training equips veterans with the mindset, resilience, and strategic thinking needed to excel in cybersecurity. Drawing on habits such as disciplined preparation, blunt honesty, and adaptive decision-making, veterans bring a blend of defensive and offensive planning skills to high-stakes cyber operations. Their leadership experience fosters trust, cohesion, and problem-solving, qualities that can transform … More →

The post How military leadership prepares veterans for cybersecurity success appeared first on Help Net Security.

Mirko Zorz

New HTTP/2 MadeYouReset Vulnerability Enables Large-Scale DDoS Attacks

Cyber Security News
1 month ago

Security researchers have identified a new denial-of-service (DoS) vulnerability in HTTP/2 implementations, referred to as MadeYouReset (CVE-2025-8671). This discovery represents a notable escalation in the threats associated with web protocols. Publicly disclosed on August 13, 2025, this flaw allows attackers to bypass built-in concurrency limits, overwhelming servers with unbounded concurrent requests and potentially crashing systems […]

The post New HTTP/2 MadeYouReset Vulnerability Enables Large-Scale DDoS Attacks appeared first on Cyber Security News.

Guru Baran

CVE-2021-27921 | Pillow up to 8.1.0 BLP Container memory allocation (Nessus ID 236661)

Vuldb Updates
1 month ago
A vulnerability has been found in Pillow up to 8.1.0 and classified as problematic. This vulnerability affects unknown code of the component BLP Container. The manipulation leads to uncontrolled memory allocation. This vulnerability was named CVE-2021-27921. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-27922 | Pillow up to 8.1.0 Image memory allocation (Nessus ID 236661)

Vuldb Updates
1 month ago
A vulnerability was found in Pillow up to 8.1.0 and classified as problematic. This issue affects some unknown processing of the component Image Handler. The manipulation leads to uncontrolled memory allocation. The identification of this vulnerability is CVE-2021-27922. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-27923 | Pillow up to 8.1.0 ICO Container memory allocation (Nessus ID 236661)

Vuldb Updates
1 month ago
A vulnerability was found in Pillow up to 8.1.0. It has been classified as problematic. Affected is an unknown function of the component ICO Container Handler. The manipulation leads to uncontrolled memory allocation. This vulnerability is traded as CVE-2021-27923. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-8975 | givanz Vvveb up to 1.0.5 edit.tpl slug cross site scripting

Vuldb Updates
1 month ago
A vulnerability, which was classified as problematic, was found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8975. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-8976 | givanz Vvveb up to 1.0.5 Endpoint post&type=post cross site scripting

Vuldb Updates
1 month ago
A vulnerability has been found in givanz Vvveb up to 1.0.5 and classified as problematic. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-8976. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-8979 | Tenda AC15 15.13.07.13 Firmware Update check_fw_type/split_fireware/check_fw data authenticity

Vuldb Updates
1 month ago
A vulnerability was found in Tenda AC15 15.13.07.13. It has been declared as critical. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. This vulnerability is known as CVE-2025-8979. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad