CVE ID : CVE-2025-4337

Published : May 6, 2025, 5:15 a.m. | 2 hours, 32 minutes ago

Description : The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the aha_plugin_page() function. This makes it possible for unauthenticated attackers to delete AHA pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4324

Published : May 6, 2025, 6:15 a.m. | 1 hour, 32 minutes ago

Description : A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External Link Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW


CVE ID : CVE-2025-4325

Published : May 6, 2025, 6:15 a.m. | 1 hour, 32 minutes ago

Description : A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW


CVE ID : CVE-2025-4326

Published : May 6, 2025, 6:15 a.m. | 1 hour, 32 minutes ago

Description : A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of the file /admin/chip/add.do of the component Add Fragment Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW


CVE ID : CVE-2025-46584

Published : May 6, 2025, 7:15 a.m. | 32 minutes ago

Description : Vulnerability of improper authentication logic implementation in the file system module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Severity: 7.8 | HIGH


CVE ID : CVE-2025-46585

Published : May 6, 2025, 7:15 a.m. | 32 minutes ago

Description : Out-of-bounds array read/write vulnerability in the kernel module
Impact: Successful exploitation of this vulnerability may affect availability.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-46586

Published : May 6, 2025, 7:15 a.m. | 32 minutes ago

Description : Permission control vulnerability in the contacts module
Impact: Successful exploitation of this vulnerability may affect availability.

Severity: 5.1 | MEDIUM


CVE ID : CVE-2025-4327

Published : May 6, 2025, 7:15 a.m. | 32 minutes ago

Description : A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected.

Severity: 4.3 | MEDIUM


CVE ID : CVE-2025-4328

Published : May 6, 2025, 7:15 a.m. | 32 minutes ago

Description : A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/web/MvcController.java of the component HTTP Header Handler. The manipulation of the argument Referer leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available.

Severity: 3.5 | LOW


CVE ID : CVE-2025-4329

Published : May 6, 2025, 7:15 a.m. | 32 minutes ago

Description : A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM


BeyondTrust PRA Vulnerability (CVE-2025-0217) Enables Session Hijacking via Authentication Bypass

A significant security vulnerability has been identified in BeyondTrust’s Privileged Remote Access (PRA) solution, posing a risk to organizations relying on this technology for managing privileged ses …

Published Date: May 05, 2025 (4 hours, 1 minute ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-0217

CVE-2024-12356

CVE-2024-7399

CVE-2024-7399: Samsung MagicINFO Vulnerability Now Actively Exploited in the Wild

A critical security vulnerability, CVE-2024-7399, is being actively exploited in the wild in Samsung MagicINFO 9 Server, a content management system (CMS) widely used for managing digital signage disp …

Published Date: May 05, 2025 (3 hours, 51 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-0217

CVE-2025-3248

CVE-2024-7399

Langflow Under Attack: CISA Warns of Active Exploitation of CVE-2025-3248

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2025-3248 to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active e …

Published Date: May 05, 2025 (3 hours, 39 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-3248

CVE-2025-27363

CVE-2024-7399

Android Security Bulletin May 2025: Multi Vulnerabilities Including Actively Exploited CVE-2025-27363

Google has released its Android Security Bulletin for May 2025, highlighting a range of high-severity vulnerabilities affecting Android OS components, third-party chipsets, and the popular FreeType li …

Published Date: May 05, 2025 (3 hours, 23 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-3248

CVE-2025-27363

Critical IBM Cognos Analytics Vulnerabilities Demand Urgent Patching

IBM has released security updates to address two critical vulnerabilities affecting its flagship business intelligence platform, IBM Cognos Analytics, warning that attackers could exploit these flaws …

Published Date: May 06, 2025 (2 hours, 16 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-27363

CVE-2024-51466

CVE-2024-40695

DragonForce Ransomware Cartel Hits UK Retailers with Custom Payloads and Global Extortion Campaign

A disturbing evolution in the ransomware ecosystem has been exposed by cybersecurity firm SentinelOne, which has published an in-depth analysis of the …

Published Date: May 06, 2025 (2 hours, 9 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-21412

CVE-2024-21893

CVE-2024-21887

CVE-2023-46805

CVE-2021-44228