CVE-2025-27532 – “ctrlX OS Web Application Backup & Restore Authentication Bypass”

CVE ID : CVE-2025-27532

Published : April 30, 2025, 12:15 p.m. | 39 minutes ago

Description : A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-4114 – Netgear JWNR2000 Buffer Overflow Vulnerability

CVE ID : CVE-2025-4114

Published : April 30, 2025, 12:15 p.m. | 39 minutes ago

Description : A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Distribution Release: AnduinOS 1.3.0

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. AnduinOS is an Ubuntu-based distribution which provides a GNOME desktop which has been themed and styled to resemble Windows 11. The project’s latest release, AnduinOS 1.3.0, is based on Ubuntu 25.04 and ships with GNOME 48. “AnduinOS 1.3 is released. This version is highly recommended [because] we first….

News & Updates

Revisiting Image Maps

I mentioned last time that I’ve been working on a new website for Emmy-award-winning game composer Mike Worth. He hired…

CISA Sounds the Alarm: Broadcom and Commvault Flaws Under Active Exploitation! ️

CISA Sounds the Alarm: Broadcom and Commvault Flaws Under Active Exploitation! ️

Photo by Mika Baumeister on UnsplashBuckle up, cybersecurity enthusiasts! The U.S. Cybersecurity and Infrastructure Security Agency (CISA) just dropped a bombshell by adding two critical vulnerabiliti …
Read more

Published Date:
Apr 30, 2025 (2 hours, 53 minutes ago)

Vulnerabilities has been mentioned in this article.

Avast Antivirus Vulnerability Let Attackers Escalate Privileges

Avast Antivirus Vulnerability Let Attackers Escalate Privileges

Security researchers have disclosed a critical vulnerability in Avast Free Antivirus that could allow attackers to gain elevated system privileges and execute malicious code with kernel-level access.

Read more

Published Date:
Apr 30, 2025 (2 hours, 13 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-22882 – Delta Electronics ISPSoft Buffer Overflow

CVE ID : CVE-2025-22882

Published : April 30, 2025, 8:15 a.m. | 38 minutes ago

Description : Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-22883 – Delta Electronics ISPSoft Out-Of-Bounds Write Vulnerability

CVE ID : CVE-2025-22883

Published : April 30, 2025, 8:15 a.m. | 38 minutes ago

Description : Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-22884 – Delta Electronics ISPSoft Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-22884

Published : April 30, 2025, 8:15 a.m. | 38 minutes ago

Description : Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-46778 – Apache HTTP Server Denial of Service

CVE ID : CVE-2025-46778

Published : April 30, 2025, 3:15 a.m. | 3 hours, 58 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-46779 – Apache HTTP Server HTTP Header Injection

CVE ID : CVE-2025-46779

Published : April 30, 2025, 3:15 a.m. | 3 hours, 58 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-46780 – Apache HTTP Server Denial of Service

CVE ID : CVE-2025-46780

Published : April 30, 2025, 3:15 a.m. | 3 hours, 58 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-3471 – “SureForms WordPress Plugin Unauthenticated Configuration Update”

CVE ID : CVE-2025-3471

Published : April 30, 2025, 6:15 a.m. | 57 minutes ago

Description : The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-3953 – WordPress WP Statistics Unauthenticated Settings Modification Vulnerability

CVE ID : CVE-2025-3953

Published : April 30, 2025, 6:15 a.m. | 57 minutes ago

Description : The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘optionUpdater’ function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…