CVE ID : CVE-2024-53591

Published : April 18, 2025, 9:15 p.m. | 2 days, 9 hours ago

Description : An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-29058

Published : April 18, 2025, 9:15 p.m. | 2 days, 9 hours ago

Description : An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-3821

Published : April 20, 2025, 4:15 a.m. | 1 day, 2 hours ago

Description : A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW


CVE ID : CVE-2025-0632

Published : April 21, 2025, 6:15 a.m. | 40 minutes ago

Description : Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise.

This issue affects Rock Maker Web: from 3.2.1.1 and later

Severity: 0.0 | NA


Asus warns of critical AiCloud vulnerability in Wi-Fi routers

Asus is warning of a critical AiCloud vulnerability present in several Wi-Fi routers and has released firmware updates to fix the problem. Via AiCloud, users can …

Published Date: Apr 19, 2025 (1 day, 15 hours ago)

Vulnerabilities mentioned in this article:

CVE-2025-2492

Critical Meshtastic RCE Vulnerability (CVE-2025-24797) Requires Urgent Update

A critical security vulnerability has been disclosed in Meshtastic, the open-source LoRa mesh networking platform known for enabling long-range, low-power communication without cellular or internet co …

Published Date: Apr 21, 2025 (1 hour, 34 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-24797

APT41/RedGolf Infrastructure Briefly Exposed: Fortinet Zero-Days Targeted Shiseido

In a rare window into the operations of an advanced persistent threat, a KeyPlug-linked infrastructure briefly went live, exposing tools and scripts tied to APT41/RedGolf operations. The server, activ …

Published Date: Apr 21, 2025 (1 hour, 24 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-24797

CVE-2025-31103

CVE-2025-0108

CVE-2024-23109

CVE-2024-23108

CVE-2025-42599: Critical Buffer Overflow in Active! mail Exploited in the Wild

A severe security vulnerability has been identified in Active! mail, a product of QUALITIA CO., LTD., posing a significant risk to affected systems. The Japan Computer Emergency Response Team (JPCERT) …

Published Date: Apr 21, 2025 (1 hour, 19 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-42599

Larva-24005: Kimsuky’s Global Cyber Espionage Campaign Exploits RDP and Office Flaws

A new cybersecurity report from the AhnLab Security intelligence Center (ASEC) has shed light on a recently identified operation linked to the notorious Kimsuky group. Dubbed “Larva-24005,” this campa …

Published Date: Apr 21, 2025 (1 hour, 15 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-42599

CVE-2019-0708

CVE-2017-11882

CVE-2025-2492: Critical ASUS Router Vulnerability Requires Immediate Firmware Update

ASUS has released a firmware update addressing a critical-severity vulnerability—CVE-2025-2492—with a CVSSv4 score of 9.2. The flaw impacts several ASUS router firmware series with AiCloud enabled and …

Published Date: Apr 21, 2025 (1 hour, 6 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-2492

CVE-2024-13062

CVE-2024-12912

Yokogawa Recorders Vulnerable to Attack Due to Insecure Default Settings

Yokogawa Electric Corporation has issued a security advisory warning of a critical vulnerability affecting several of its industrial recorder products. Tracked as CVE-2025-1863, this flaw allows unaut …

Published Date: Apr 21, 2025 (1 hour, 5 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-2492

CVE-2025-1863

Critical PyTorch Vulnerability CVE-2025-32434 Allows Remote Code Execution

A critical vulnerability has been unearthed in PyTorch, one of the most beloved deep learning frameworks out there. Security researcher Ji’an Zhou has identified a critical Remote Command Execution (R …

Published Date: Apr 21, 2025 (51 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32434

CVE-2024-5480

CVE-2024-5452

CVE-2023-43654

Cellebrite Android Zero-Day Exploit PoC Released: CVE-2024-53104

A security researcher published a proof-of-concept exploit code for an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to i …

Published Date: Apr 21, 2025 (49 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32434

CVE-2024-53197

CVE-2024-53104

CVE-2024-50302

CVE ID : CVE-2025-39588

Published : April 17, 2025, 4:15 p.m. | 3 days, 10 hours ago

Description : Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-39595

Published : April 17, 2025, 4:15 p.m. | 3 days, 10 hours ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8.

Severity: 9.3 | CRITICAL


CVE ID : CVE-2025-43929

Published : April 20, 2025, 3:15 a.m. | 23 hours ago

Description : open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

Severity: 4.1 | MEDIUM


CVE ID : CVE-2020-36844

Published : April 20, 2025, 10:15 p.m. | 4 hours ago

Description : The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.

Severity: 6.1 | MEDIUM
