CVE ID : CVE-2025-43861

Published : April 24, 2025, 9:15 p.m. | 48 minutes ago

Description : ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the “Review Changes” dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Galene (or Galène) is a videoconference server (an “SFU”) that is easy to deploy and that requires very moderate server…

Daikhan is billed as a media player for the modern desktop. The post Daikhan – video and music player appeared…

Critical Langflow Vulnerability Allows Malicious Code Injection – Technical Details Revealed

Cybersecurity researchers have uncovered a critical remote code execution (RCE) vulnerability in Langflow, an open-source platform widely used for visually composing AI-driven agents and workflows.
De …
Read more

Published Date:
Apr 24, 2025 (5 hours, 47 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-3248

Commvault RCE Vulnerability Let Attackers Breach Vault – PoC Released

A critical pre-authenticated Remote Code Execution (RCE) vulnerability affecting Commvault’s backup and data protection platform.
The vulnerability, tracked as CVE-2025-34028, could allow attackers to …
Read more

Published Date:
Apr 24, 2025 (5 hours, 47 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-34028

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)

If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been up …
Read more

Published Date:
Apr 24, 2025 (5 hours, 47 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-34028

Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Vulnerability

Cisco Systems has issued a critical security advisory confirming that multiple products across its portfolio are affected by a remote code execution (RCE) vulnerability in the Erlang/OTP SSH server (C …
Read more

Published Date:
Apr 24, 2025 (4 hours, 58 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32433

Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication

A critical vulnerability in Zyxel’s FLEX-H Series devices that enables attackers to execute arbitrary database queries and gain remote code execution capabilities without requiring authentication.
The …
Read more

Published Date:
Apr 24, 2025 (3 hours, 59 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-1732

CVE-2025-1731

Citrix NetScaler Console Vulnerability Enables Admin Access – PoC Released

A critical vulnerability in Citrix NetScaler Console allows complete unauthenticated administrative access despite being initially classified as merely a “sensitive information disclosure” issue.
The …
Read more

Published Date:
Apr 24, 2025 (3 hours, 50 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-6235

Hackers Exploited Ivanti Connect Secure 0-Day to Install DslogdRAT & Web Shell

Recent attacks against Japanese organizations have revealed sophisticated hackers exploiting a zero-day vulnerability in Ivanti Connect Secure VPN appliances.
The attacks, occurring around December 20 …
Read more

Published Date:
Apr 24, 2025 (3 hours, 42 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-22457

CVE-2025-0282

NVIDIA NeMo Framework Vulnerability Let Attackers Execute Remote Code

There are three high-severity vulnerabilities in the NVIDIA NeMo Framework that could allow attackers to execute remote code, potentially compromising AI systems and leading to data tampering.
The sec …
Read more

Published Date:
Apr 24, 2025 (3 hours, 41 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-23251

CVE-2025-23250

CVE-2025-23249

New Stego Campaign Leverages MS Office Vulnerability to Deliver AsyncRAT

Cybersecurity researchers have discovered a sophisticated malware campaign that employs steganography techniques to hide malicious code within seemingly innocent image files.
This attack chain leverag …
Read more

Published Date:
Apr 24, 2025 (2 hours, 36 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2017-0199

CVE ID : CVE-2025-39377

Published : April 24, 2025, 4:15 p.m. | 3 hours, 8 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in weDevs Appsero Helper allows SQL Injection. This issue affects Appsero Helper: from n/a through 1.3.4.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46248

Published : April 24, 2025, 4:15 p.m. | 3 hours, 8 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in M A Vinoth Kumar Frontend Dashboard allows SQL Injection. This issue affects Frontend Dashboard: from n/a through 2.2.5.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46264

Published : April 24, 2025, 4:15 p.m. | 3 hours, 8 minutes ago

Description : Unrestricted Upload of File with Dangerous Type vulnerability in Angelo Mandato PowerPress Podcasting allows Upload a Web Shell to a Web Server. This issue affects PowerPress Podcasting: from n/a through 11.12.5.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46521

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Silver Muru WS Force Login Page allows Stored XSS. This issue affects WS Force Login Page: from n/a through 3.0.3.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46522

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.3.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46523

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in devignstudiosltd COVID-19 (Coronavirus) Update Your Customers allows Stored XSS. This issue affects COVID-19 (Coronavirus) Update Your Customers: from n/a through 1.5.1.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46524

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category allows Stored XSS. This issue affects WP Filter Post Category: from n/a through 2.1.4.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46525

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in msmitley WP Cookie Consent allows Stored XSS. This issue affects WP Cookie Consent: from n/a through 1.0.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…