CVE ID : CVE-2025-2082

Published : April 30, 2025, 8:15 p.m. | 2 hours, 54 minutes ago

Description : Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the VCSEC module. By manipulating the certificate response sent from the Tire Pressure Monitoring System (TPMS), an attacker can trigger an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the VCSEC module and send arbitrary messages to the vehicle CAN bus. Was ZDI-CAN-23800.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4136

Published : April 30, 2025, 8:15 p.m. | 2 hours, 54 minutes ago

Description : A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2022-27562

Published : April 30, 2025, 9:15 p.m. | 1 hour, 53 minutes ago

Description : Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2022-42449

Published : April 30, 2025, 9:15 p.m. | 1 hour, 53 minutes ago

Description : Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-24132

Published : April 30, 2025, 9:15 p.m. | 1 hour, 53 minutes ago

Description : The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-30422

Published : April 30, 2025, 9:15 p.m. | 1 hour, 53 minutes ago

Description : A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4139

Published : April 30, 2025, 9:15 p.m. | 1 hour, 53 minutes ago

Description : A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2022-42450

Published : April 30, 2025, 10:15 p.m. | 54 minutes ago

Description : Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-37517

Published : April 30, 2025, 10:15 p.m. | 54 minutes ago

Description : Missing “no cache” headers in HCL Leap permits sensitive data to be cached.

Severity: 3.2 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-45721

Published : April 30, 2025, 10:15 p.m. | 54 minutes ago

Description : Insufficient default configuration in HCL Leap
allows anonymous access to directory information.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-37535

Published : April 30, 2025, 10:15 p.m. | 54 minutes ago

Description : Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap
allow script injection through query parameters.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-4533

Published : April 30, 2025, 10:15 p.m. | 54 minutes ago

Description : Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. It was assigned as a duplicate of CVE-2023-52440

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-30115

Published : April 30, 2025, 10:15 p.m. | 54 minutes ago

Description : Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-30145

Published : April 30, 2025, 10:15 p.m. | 54 minutes ago

Description : Multiple vectors in HCL Domino Volt and Domino Leap allow client-side
script injection in the authoring environment and deployed applications.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-30146

Published : April 30, 2025, 10:15 p.m. | 54 minutes ago

Description : Improper access control of endpoint in HCL Domino Leap
allows certain admin users to import applications from the
server’s filesystem.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4140

Published : April 30, 2025, 10:15 p.m. | 1 hour, 31 minutes ago

Description : A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4141

Published : April 30, 2025, 10:15 p.m. | 1 hour, 31 minutes ago

Description : A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4142

Published : April 30, 2025, 11:16 p.m. | 30 minutes ago

Description : A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

April 2025 updates to the largest compilation of recommended free and open source software available for Linux. The post Best…

InfluxDB Core is a database built to collect, process, transform, and store event and time series data. The post InfluxDB…