CVE ID : CVE-2025-47241
Published : May 3, 2025, 9:15 p.m. | 16 minutes ago
Description : In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
NVIDIA_OC is a simple Rust Command-Line Interface tool designed to overclock NVIDIA GPUs on Linux. The post NVIDIA_OC overclocks NVIDIA…
CISA Warns of KUNBUS Auth Bypass Vulnerabilities Exposes Systems to Remote Attacks
CISA has issued an urgent advisory highlighting critical vulnerabilities in KUNBUS GmbH’s Revolution Pi industrial automation devices.
These flaws, which include authentication bypass and remote code …
Read more
Published Date:
May 03, 2025 (2 hours, 39 minutes ago)
Vulnerabilities has been mentioned in this article.
CISA adds Yii Framework and Commvault bugs to KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, identifying two high-risk security flaws actively exploited in the wild. The …
Read more
Published Date:
May 03, 2025 (2 hours, 34 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-34028
CVE-2024-58136
CVE ID : CVE-2025-37799
Published : May 3, 2025, 12:15 p.m. | 5 hours, 16 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
vmxnet3 driver’s XDP handling is buggy for packet sizes using ring0 (that
is, packet sizes between 128 – 3k bytes).
We noticed MTU-related connectivity issues with Cilium’s service load-
balancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP
backend service where the XDP LB was doing IPIP encap led to overly large
packet sizes but only for *some* of the packets (e.g. HTTP GET request)
while others (e.g. the prior TCP 3WHS) looked completely fine on the wire.
In fact, the pcap recording on the backend node actually revealed that the
node with the XDP LB was leaking uninitialized kernel data onto the wire
for the affected packets, for example, while the packets should have been
152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes
was padded with whatever other data was in that page at the time (e.g. we
saw user/payload data from prior processed packets).
We only noticed this through an MTU issue, e.g. when the XDP LB node and
the backend node both had the same MTU (e.g. 1500) then the curl request
got dropped on the backend node’s NIC given the packet was too large even
though the IPIP-encapped packet normally would never even come close to
the MTU limit. Lowering the MTU on the XDP LB (e.g. 1480) allowed to let
the curl request succeed (which also indicates that the kernel ignored the
padding, and thus the issue wasn’t very user-visible).
Commit e127ce7699c1 (“vmxnet3: Fix missing reserved tailroom”) was too eager
to also switch xdp_prepare_buff() from rcd->len to rbi->len. It really needs
to stick to rcd->len which is the actual packet length from the descriptor.
The latter we also feed into vmxnet3_process_xdp_small(), by the way, and
it indicates the correct length needed to initialize the xdp->{data,data_end}
parts. For e127ce7699c1 (“vmxnet3: Fix missing reserved tailroom”) the
relevant part was adapting xdp_init_buff() to address the warning given the
xdp_data_hard_end() depends on xdp->frame_sz. With that fixed, traffic on
the wire looks good again.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4236
Published : May 3, 2025, 2:15 p.m. | 3 hours, 16 minutes ago
Description : A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4237
Published : May 3, 2025, 3:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component MDELETE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-41753
Published : May 3, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-58134
Published : May 3, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application’s class name, as a HMAC session secret by default.
These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1495
Published : May 3, 2025, 5:15 p.m. | 16 minutes ago
Description : IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4238
Published : May 3, 2025, 5:15 p.m. | 16 minutes ago
Description : A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4239
Published : May 3, 2025, 5:15 p.m. | 16 minutes ago
Description : A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component TYPE Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Lenovo redesigned its popular Legion Pro 7i gaming laptop alongside new Intel and NVIDIA hardware, and the result is a…
Diablo 4’s Season 8 is here, and recently we caught up with lead Diablo 4 designers Colin Finer and Deric…
The Xbox price hikes make Xbox Series S no longer the best value in gaming, and this PS5 is actually…
President Donald Trump has once again found himself at the center of a social media drama after posting an AI-generated…
Diabetes Detection System using PHP and Mysql is a web-based technology that allows users to predict the likelihood of diabetes…
Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite…
I’ve been doing hiring manager screens lately. Here’s a few tips. Source: Read More
Post Content Source: Read MoreÂ