DragonForce Ransomware Hits Harrods, Marks and Spencer, Co-Op & Other UK Retailers
A coordinated wave of cyberattacks has struck major UK retailers in recent weeks, with the DragonForce ransomware group claiming responsibility for breaches at Marks & Spencer, Co-op, and luxury depar …
Read more
Published Date:
May 06, 2025 (2 hours, 28 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2021-44228
Google fixes actively exploited FreeType flaw on Android
Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability.
FreeType is a popula …
Read more
Published Date:
May 06, 2025 (2 hours, 21 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-27363
CISA Adds Langflow flaw to KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2025-3248, a critical vulnerability in Langflow, to its Known Exploited Vulnerabilities (KEV) Catalog, citing activ …
Read more
Published Date:
May 06, 2025 (26 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-3248
⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors
Cybersecurity / Hacking News
What if attackers aren’t breaking in—they’re already inside, watching, and adapting?
This week showed a sharp rise in stealth tactics built for long-term access and silent …
Read more
Published Date:
May 05, 2025 (1 day, 3 hours ago)
Vulnerabilities has been mentioned in this article.
Samsung MagicINFO 9 Server Vulnerability Exploited in the Wild
A critical security vulnerability in Samsung’s digital signage management platform has moved from theoretical risk to active threat as attackers begin exploiting it in real-world attacks.
CVE-2024-739 …
Read more
Published Date:
May 06, 2025 (2 hours ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-7399
CVE ID : CVE-2025-45607
Published : May 5, 2025, 8:15 p.m. | 18 hours, 44 minutes ago
Description : An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45611
Published : May 5, 2025, 8:15 p.m. | 18 hours, 44 minutes ago
Description : Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45612
Published : May 5, 2025, 8:15 p.m. | 18 hours, 44 minutes ago
Description : Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0984
Published : May 6, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection.This issue affects E-Flow: before 3.23.00.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4349
Published : May 6, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4350
Published : May 6, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host leads to command injection. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4352
Published : May 6, 2025, 12:15 p.m. | 3 hours, 19 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcEntrFlowSelect.htm. The manipulation of the argument custTradeId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4353
Published : May 6, 2025, 12:15 p.m. | 3 hours, 19 minutes ago
Description : A vulnerability, which was classified as critical, was found in Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType.htm. The manipulation of the argument dictCn1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2018-1359
Published : May 6, 2025, 1:15 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4355
Published : May 6, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4354
Published : May 6, 2025, 1:15 p.m. | 2 hours, 19 minutes ago
Description : A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Affected by this issue is the function check_dws_cookie of the file /storage. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4356
Published : May 6, 2025, 2:15 p.m. | 44 minutes ago
Description : A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4357
Published : May 6, 2025, 2:15 p.m. | 1 hour, 19 minutes ago
Description : A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4358
Published : May 6, 2025, 2:15 p.m. | 1 hour, 19 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4359
Published : May 6, 2025, 2:15 p.m. | 1 hour, 19 minutes ago
Description : A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_member. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…