CVE ID : CVE-2025-32821
Published : May 7, 2025, 6:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47203
Published : May 7, 2025, 6:15 p.m. | 1 hour, 20 minutes ago
Description : dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46828
Published : May 7, 2025, 6:15 p.m. | 1 hour, 20 minutes ago
Description : WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint `/html/socio/sistema/get_socios.php`, specifically in the query parameter. This issue allows attackers to inject and execute arbitrary SQL statements against the application’s underlying database. As a result, it may lead to data exfiltration, authentication bypass, or complete database compromise. Version 3.3.1 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47423
Published : May 7, 2025, 6:15 p.m. | 1 hour, 20 minutes ago
Description : Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server’s private SSL key in cleartext.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-26169
Published : May 7, 2025, 7:16 p.m. | 28 minutes ago
Description : IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be overwritten.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-26168
Published : May 7, 2025, 7:16 p.m. | 28 minutes ago
Description : IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be overwritten.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-29746
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-30147
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD (0x06), ALTBN128_MUL (0x07), and ALTBN128_PAIRING (0x08). These precompiles were reimplemented in besu-native using gnark-crypto’s bn254 implementation, as the former implementation used a library which was no longer maintained and not sufficiently performant. The new gnark implementation was initially added in version 0.9.0 of besu-native but was not utilized by Besu until version 0.9.2 in Besu 24.7.1. The issue is that there are EC points which may be crafted which are in the correct subgroup but are not on the curve and the besu-native gnark implementation was relying on subgroup checks to perform point-on-curve checks as well. The version of gnark-crypto used at the time did not do this check when performing subgroup checks. The result is that it was possible for Besu to give an incorrect result and fall out of consensus when executing one of these precompiles against a specially crafted input point. Additionally, homogenous Besu-only networks can potentially enshrine invalid state which would be incorrect and difficult to process with patched versions of besu which handle these calls correctly. The underlying defect has been patched in besu-native release 1.3.0. The fixed version of Besu is version 25.3.0. As a workaround for versions of Besu with the problem, the native precompile for altbn128 may be disabled in favor of the pure-java implementation. The pure java implementation is significantly slower, but does not have this consensus issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3272
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager.
The vulnerability could allow authenticated users to change their password without providing their old password.
This issue affects Operations Bridge Manager: 24.2, 24.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45388
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3476
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45514
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
bandwhich is a CLI utility for displaying current network utilization by process, connection and remote IP/hostname. The post bandwhich is…
NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users
A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of …
Read more
Published Date:
May 07, 2025 (2 hours, 1 minute ago)
Vulnerabilities has been mentioned in this article.
CVE-2019-3568
Play ransomware exploited Windows logging flaw in zero-day attacks
The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.
The vulnerability, t …
Read more
Published Date:
May 07, 2025 (1 hour, 25 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-29824
Zero-Day CLFS Vulnerability (CVE-2025-29824) Exploited in Ransomware Attacks
Symantec’s Threat Hunter Team has uncovered a sophisticated attack involving a zero-day privilege escalation vulnerability in Microsoft’s Common Log File System (CLFS) driver — CVE-2025-29824 — active …
Read more
Published Date:
May 07, 2025 (4 hours, 34 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-29824
CVE-2024-26169
CVE-2024-21762
CVE-2022-47945
CVE-2022-37969
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA
CISA warns of active exploitation of critical Langflow vulnerability (CVE-2025-3248). Critical RCE flaw allows full server takeover. Patch to version 1.3.0 now!
In April 2025, cybersecurity researcher …
Read more
Published Date:
May 07, 2025 (3 hours, 58 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-3248
Windows 0-Day Vulnerability Exploited in the Wild to Deploy Play Ransomware
Threat actors linked to the Play ransomware operation exploited a zero-day vulnerability in Microsoft Windows prior to its patching on April 8, 2025.
The vulnerability, tracked as CVE-2025-29824, affe …
Read more
Published Date:
May 07, 2025 (3 hours, 33 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-29824
Critical AWS Amplify Studio Vulnerability Let Attackers Execute Arbitrary Code
A critical security vulnerability in AWS Amplify Studio has been identified, potentially allowing authenticated users to execute arbitrary JavaScript code during component rendering and build processe …
Read more
Published Date:
May 07, 2025 (3 hours, 15 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-4318
Symantec: Windows-lek voor uitkomen patch gebruikt bij malware-aanval
Een kwetsbaarheid in Windows waarvoor op 8 april een beveiligingsupdate verscheen is al voor het uitkomen van de patch gebruikt voor het verspreiden van malware, zo stelt Symantec. Eerder maakte Micro …
Read more
Published Date:
May 07, 2025 (3 hours, 7 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-29824