44% of the zero-days exploited in 2024 were in enterprise solutions

In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks.
Of these, 33 vulnerabilities …

Published Date: Apr 29, 2025

Vulnerabilities mentioned in this article:

CVE-2025-3928

CVE-2025-1976

CVE-2024-55591

CVE-2025-0282

CVE-2024-53104

CVE-2024-9381

CVE-2024-9380

CVE-2024-9379

CVE-2024-32896

CVE-2024-29748

CVE-2024-29745

Many Fuel Tank Monitoring Systems Vulnerable to Disruption

Internet-connected automatic tank gauges (ATGs) pose a serious but often overlooked cyber-risk to the thousands of gas stations, fuel depots, and facilities that rel …

Published Date: Apr 29, 2025

Vulnerabilities mentioned in this article:

CVE-2025-31324

CVE-2024-45066

CVE-2024-43693

CVE ID: CVE-2025-4079

Published: April 29, 2025, 7:15 p.m.

Description: A vulnerability, which was classified as critical, was found in PCMan FTP Server up to 2.0.7. Affected is an unknown function of the component RENAME Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID: CVE-2025-0520

Published: April 29, 2025, 8:15 p.m.

Description: An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc before 2.8.7.

Severity: 0.0 | NA

CVE ID: CVE-2024-57698

Published: April 29, 2025, 8:15 p.m.

Description: An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the /user/list?culture=en-us endpoint.

Severity: 0.0 | NA

CVE ID: CVE-2025-4078

Published: April 29, 2025, 8:15 p.m.

Description: A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument file_name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

CVE ID: CVE-2025-4080

Published: April 29, 2025, 8:15 p.m.

Description: A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-request.php. The manipulation of the argument viewid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

CVE ID: CVE-2025-3910

Published: April 29, 2025, 9:15 p.m.

Description: A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

Severity: 5.4 | MEDIUM

CVE ID: CVE-2025-3501

Published: April 29, 2025, 9:15 p.m.

Description: A flaw was found in Keycloak. By setting a verification policy to ‘ALL’, the trust store certificate verification is skipped, which is unintended.

Severity: 8.2 | HIGH

CVE ID: CVE-2025-46344

Published: April 29, 2025, 9:15 p.m.

Description: The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1 do not invoke `.setExpirationTime` when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While the session cookie may expire or be cleared, the JWE remains valid. This issue has been patched in version 4.5.1.

Severity: 0.0 | NA
