Speedify VPN macOS Vulnerability Let Attackers Escalate Privilege

A significant security vulnerability, tracked as CVE-2025-25364, was discovered in Speedify VPN’s macOS application, exposing users to local privilege escalation and full system compromise.
The flaw, …

Published Date:
Apr 21, 2025 (1 hour, 32 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE ID : CVE-2025-25228

Published : April 21, 2025, 8:15 a.m. | 2 hours, 41 minutes ago

Description : A SQL injection in VirtueMart component 1.0.0 – 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.

Severity: 0.0 | NA

CVE ID : CVE-2025-3837

Published : April 21, 2025, 10:15 a.m. | 41 minutes ago

Description : An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. Under certain circumstances, an actor can manipulate a specific request parameter and inject code execution payload which could lead to a remote code execution on the infrastructure hosting this component.

Severity: 0.0 | NA

CVE ID : CVE-2025-3838

Published : April 21, 2025, 10:15 a.m. | 41 minutes ago

Description : An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024.

Severity: 0.0 | NA

CVE ID : CVE-2025-3840

Published : April 21, 2025, 10:15 a.m. | 41 minutes ago

Description : An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts which would lead to an XSS attack under certain conditions.

Severity: 0.0 | NA

VPN accounts on SonicWall gateways targeted by attacks since January

VPN accounts on SonicWall gateways have been the target of attacks since January, according to security firm Arctic Wolf. The attackers may be combining compromised VPN accounts with a four-year …

Published Date:
Apr 19, 2025 (1 day, 20 hours ago)

Vulnerabilities have been mentioned in this article.

CVE-2021-20035

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices.
Researchers at …

Published Date:
Apr 19, 2025 (1 day, 16 hours ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-32433

CVE-2025-32445 Privilege Escalation Flaw in Argo Events

CVE-2025-32445 is a critical privilege escalation vulnerability affecting Argo Events, an event-driven workflow automation framework designed for Kubernetes environments. The flaw enables users with p …

Published Date:
Apr 19, 2025 (1 day, 16 hours ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-32445

Operation ForumTroll Detailed out

Operation ForumTroll is a sophisticated Advanced Persistent Threat (APT) campaign that exploits a zero-day vulnerability (CVE-2025-2783) in Google Chrome. This operation was uncovered in March 2025 an …

Published Date:
Apr 19, 2025 (1 day, 16 hours ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-32445

CVE-2025-2783

Chinese APT IronHusky Deploys Updated MysterySnail RAT on Russia

Kaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to Chinese IronHusky APT, targeting Mongolia and Russia after years of silence. Learn about its new tactics and modu …

Published Date:
Apr 19, 2025 (1 day, 9 hours ago)

Vulnerabilities have been mentioned in this article.

CVE-2021-40449

Cyber Security News Letter: Key Updates on Attacks, Vulnerabilities, & Data Breaches

Welcome to this week’s Cybersecurity Newsletter, where we provide the latest updates and critical insights from the swiftly changing realm of cybersecurity. This edition focuses on new threats and the …

Published Date:
Apr 21, 2025 (6 hours ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-31201

CVE-2025-31200

CVE-2025-20236

CVE-2025-30100

CVE-2025-24859

CVE-2025-24076

CVE-2025-24054

CVE-2021-20035

GitHub Enterprise Server Vulnerabilities Allows Arbitrary Code Execution

GitHub has issued urgent security updates for its Enterprise Server product after discovering multiple high-severity vulnerabilities, including a critical flaw (CVE-2025-3509) that allows attackers to …

Published Date:
Apr 21, 2025 (4 hours, 25 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-3509

CVE-2025-3246

CVE-2025-3124

CVE ID : CVE-2024-53591

Published : April 18, 2025, 9:15 p.m. | 2 days, 9 hours ago

Description : An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.

Severity: 9.8 | CRITICAL

CVE ID : CVE-2025-29058

Published : April 18, 2025, 9:15 p.m. | 2 days, 9 hours ago

Description : An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component.

Severity: 9.8 | CRITICAL

CVE ID : CVE-2025-3821

Published : April 20, 2025, 4:15 a.m. | 1 day, 2 hours ago

Description : A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

CVE ID : CVE-2025-0632

Published : April 21, 2025, 6:15 a.m. | 40 minutes ago

Description : Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise.

This issue affects Rock Maker Web: from 3.2.1.1 and later

Severity: 0.0 | NA
