Iranian APT Group Breaches Middle Eastern Critical Infrastructure in Stealth Campaign
Recently, the FortiGuard Incident Response (FGIR) team has released an in-depth analysis detailing a prolonged, state-sponsored intrusion into critical infrastructure (CNI) in the Middle East. The rep …
Read more
Published Date:
May 05, 2025 (1 hour, 52 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-3393
SocGholish Reloaded: Darktrace Uncovers Ransomware-Primed Loader Campaign
In a recent report, Darktrace’s Threat Research team has detailed a sophisticated malware campaign involving the SocGholish loader—a JavaScript-based first-stage malware now weaponized by ransomware a …
Read more
Published Date:
May 05, 2025 (1 hour, 45 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31191
CVE-2023-48788
CVE-2025-31191: Microsoft Exposes macOS Vulnerability Allowing App Sandbox Escape
Microsoft Threat Intelligence has disclosed a significant vulnerability in macOS that could allow attackers to bypass the App Sandbox and execute unauthorized code on affected systems. The vulnerabili …
Read more
Published Date:
May 05, 2025 (1 hour, 42 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31191
CVE-2024-54527
SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475
Image: watchTowr
A newly exploit chain targeting SonicWall’s Secure Mobile Access (SMA) appliances has been released. Published by watchTowr Labs, the technical disclosure outlines how two distinct vu …
Read more
Published Date:
May 05, 2025 (1 hour, 28 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-40766
CVE-2024-38475
CVE-2023-44221
Bridewell Uncovers ‘Operation Deceptive Prospect’ Targeting UK Organizations via Feedback Portals
Cyber threat actor RomCom—also tracked as Storm-0978, Tropical Scorpius, UNC2596, Void Rabisu, and UAC-0180—has launched a new cyber espionage campaign targeting UK-based retail, hospitality, and crit …
Read more
Published Date:
May 05, 2025 (1 hour, 15 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-46337
CVE-2024-49039
CVE-2024-9680
CVE-2023-36884
Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0)
A critical security flaw has been disclosed in ADOdb, the widely-used PHP database abstraction library with over 2.8 million installations worldwide. Tracked as CVE-2025-46337, the vulnerability resid …
Read more
Published Date:
May 05, 2025 (1 hour, 12 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-46337
CVE-2025-46762: Apache Parquet Java Flaw Allows Potential RCE via Avro Schema
A critical security flaw has been identified in Apache Parquet Java, a popular open-source columnar storage format widely used in data-intensive applications and analytics pipelines. Tracked as CVE-20 …
Read more
Published Date:
May 05, 2025 (1 hour, 7 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE ID : CVE-2025-4254
Published : May 5, 2025, 12:15 a.m. | 3 hours, 18 minutes ago
Description : A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LIST Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4255
Published : May 5, 2025, 12:15 a.m. | 3 hours, 18 minutes ago
Description : A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RMD Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4256
Published : May 5, 2025, 1:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4257
Published : May 5, 2025, 1:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4258
Published : May 5, 2025, 2:15 a.m. | 1 hour, 17 minutes ago
Description : A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file youkefu-mastersrcmainjavacomukefuwebimwebhandlerresourceMediaController.java. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4273
Published : May 5, 2025, 2:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-20665
Published : May 5, 2025, 3:15 a.m. | 17 minutes ago
Description : In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-20666
Published : May 5, 2025, 3:15 a.m. | 17 minutes ago
Description : In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-20667
Published : May 5, 2025, 3:15 a.m. | 17 minutes ago
Description : In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-20668
Published : May 5, 2025, 3:15 a.m. | 17 minutes ago
Description : In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09625562; Issue ID: MSV-3027.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-20670
Published : May 5, 2025, 3:15 a.m. | 17 minutes ago
Description : In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-20671
Published : May 5, 2025, 3:15 a.m. | 17 minutes ago
Description : In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4259
Published : May 5, 2025, 3:15 a.m. | 17 minutes ago
Description : A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…