Critical IBM Cognos Analytics Vulnerabilities Demand Urgent Patching

IBM has released security updates to address two critical vulnerabilities affecting its flagship business intelligence platform, IBM Cognos Analytics, warning that attackers could exploit these flaws …

Published Date:
May 06, 2025 (2 hours, 16 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-27363

CVE-2024-51466

CVE-2024-40695

DragonForce Ransomware Cartel Hits UK Retailers with Custom Payloads and Global Extortion Campaign

DragonForce affiliate panel | Image: SentinelOne
A disturbing evolution in the ransomware ecosystem has been exposed by cybersecurity firm SentinelOne, which has published an in-depth analysis of the …

Published Date:
May 06, 2025 (2 hours, 9 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-21412

CVE-2024-21893

CVE-2024-21887

CVE-2023-46805

CVE-2021-44228

Digigram PYKO-OUT AoIP Devices Exposed to Attacks Due to Missing Default Password

A security vulnerability has been identified in Digigram’s PYKO-OUT audio-over-IP (AoIP) product, raising concerns about its use in applications such as paging, background music, and live announcement …

Published Date:
May 06, 2025 (2 hours, 1 minute ago)

Vulnerabilities mentioned in this article:

CVE-2025-3927

CVE-2024-12366

CVE-2025-2605 (CVSS 9.9): Critical Vulnerability Found in Honeywell MB-Secure Alarm Panels

Honeywell has issued an urgent security notice (SN 2025-05-01-01) disclosing a critical vulnerability in its MB-Secure and MB-Secure PRO alarm control panels, used in physical security infrastructure …

Published Date:
May 06, 2025 (1 hour, 46 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-2905

CVE-2025-2605

CVE ID : CVE-2025-4298

Published : May 6, 2025, 12:15 a.m. | 3 hours, 19 minutes ago

Description : A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4299

Published : May 6, 2025, 12:15 a.m. | 1 hour, 34 minutes ago

Description : A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-4300

Published : May 6, 2025, 12:15 a.m. | 3 hours, 19 minutes ago

Description : A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Affected is an unknown function of the file /search_list.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-2509

Published : May 6, 2025, 1:15 a.m. | 2 hours, 18 minutes ago

Description : Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.

Severity: 0.0 | NA

CVE ID : CVE-2025-46728

Published : May 6, 2025, 1:15 a.m. | 2 hours, 18 minutes ago

Description : cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding: chunked` is used or when no `Content-Length` header is provided. A remote attacker can send a chunked request without the terminating zero-length chunk, causing uncontrolled memory allocation on the server. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.20.1 fixes the issue by enforcing limits during parsing. If the limit is exceeded at any point during reading, the connection is terminated immediately. A short-term workaround through a Reverse Proxy is available. If updating the library immediately is not feasible, deploy a reverse proxy (e.g., Nginx, HAProxy) in front of the `cpp-httplib` application. Configure the proxy to enforce maximum request body size limits, thereby stopping excessively large requests before they reach the vulnerable library code.

Severity: 7.5 | HIGH

CVE ID : CVE-2025-4301

Published : May 6, 2025, 1:15 a.m. | 2 hours, 18 minutes ago

Description : A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-4303

Published : May 6, 2025, 1:15 a.m. | 2 hours, 18 minutes ago

Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2024-39442

Published : May 6, 2025, 2:15 a.m. | 1 hour, 19 minutes ago

Description : In sprd ssense service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Severity: 6.2 | MEDIUM

CVE ID : CVE-2025-4304

Published : May 6, 2025, 2:15 a.m. | 1 hour, 19 minutes ago

Description : A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. This affects an unknown part of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-4305

Published : May 6, 2025, 2:15 a.m. | 1 hour, 19 minutes ago

Description : A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. This vulnerability affects the function Upload of the file app/tools/controller/File.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

CVE ID : CVE-2025-3609

Published : May 6, 2025, 3:15 a.m. | 19 minutes ago

Description : The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the ‘reales_user_signup_form’ AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for unauthenticated attackers to create new user accounts, which can be leveraged with CVE-XX to achieve privilege escalation.

Severity: 5.3 | MEDIUM

CVE ID : CVE-2025-3610

Published : May 6, 2025, 3:15 a.m. | 19 minutes ago

Description : The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user’s identity prior to updating their details like password. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user’s passwords and email addresses, including administrators, and leverage that to gain access to their account. This can be combined with CVE-2025-3609 to achieve remote code execution as an originally unauthenticated user with no account.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-4306

Published : May 6, 2025, 3:15 a.m. | 19 minutes ago

Description : A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-4307

Published : May 6, 2025, 3:15 a.m. | 19 minutes ago

Description : A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been classified as critical. Affected is an unknown function of the file /admin/add-art-medium.php. The manipulation of the argument artmed leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-4308

Published : May 6, 2025, 3:15 a.m. | 19 minutes ago

Description : A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-art-type.php. The manipulation of the argument arttype leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Against the backdrop of booming fintech, Bank SinoPac (永豐銀行) has actively applied big-data analytics, AI and blockchain technology to launch distinctive financial products and services, striving to improve the consumer experience and deliver inclusive finance. The bank has won favour among many younger customers and secured a place for itself in an increasingly competitive financial market.

Yang Wen-yuan (楊文淵), Senior Project Deputy Manager in Bank SinoPac's Information Technology Division, said: "The speed at which an enterprise adopts generative AI will determine its competitiveness in the industry. By combining MongoDB Atlas with generative AI, we successfully delivered two major projects, 永豐雲 Chat! and the Investment Crystal Ball (投資水晶球), which not only improved our colleagues' productivity but also gave consumers better financial services."

Generative AI sweeps the globe; developing innovative services is urgent

Generative AI, which has shown formidable power in every area, has recently become a key technology for enterprises developing innovative services. Facing hard-to-predict consumer demand and ever fiercer competition in the financial industry, Bank SinoPac actively explored ways to use generative AI to develop innovative services and to improve employee productivity.

After adopting the enterprise edition of Azure OpenAI GPT-3.5 in the first quarter of 2023, Bank SinoPac immediately held an internal "Bank SinoPac Let's Chat: GAI Proposal Competition"; at that time it had already used MongoDB Enterprise Advanced to launch a smart income-and-expense ledger. Upon learning that MongoDB…