CVE ID : CVE-2025-46333

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : z2d is a pure Zig 2D graphics library. In version 0.6.0, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, the source surface can be completely out-of-bounds on the x-axis (but not on the y-axis) by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version 0.6.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32986

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Windows “inetpub” security fix can be abused to block future updates

A recent Windows security update that creates an ‘inetpub’ folder has introduced a new weakness allowing attackers to prevent the installation of future updates.
After people installed this month’s Mi …
Read more

Published Date:
Apr 25, 2025 (3 hours, 52 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-21204

SAP komt met noodpatch voor actief aangevallen NetWeaver-lek

SAP heeft een noodpatch uitgebracht voor een actief aangevallen kritieke kwetsbaarheid in NetWeaver. “De kwetsbaarheid laatg aanvallers volledige controle over SAP-bedrijfsdata en -processen, waaronde …
Read more

Published Date:
Apr 25, 2025 (3 hours, 50 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-31324

Emergency patch for potential SAP zero-day that could grant full system control

SAP’s latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day.
However, we can’t say for sure whether that’s the case beca …
Read more

Published Date:
Apr 25, 2025 (2 hours, 44 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-31324

CVE-2017-9844

CVE-2025-32432 (CVSS 10): Craft CMS Hit by Critical RCE Flaw Exploited in the Wild

Craft CMS, a widely used content management system for developers and agencies, has disclosed a critical vulnerability tracked as CVE-2025-32432, affecting multiple major versions. The vulnerability, …
Read more

Published Date:
Apr 25, 2025 (2 hours, 32 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32432

CVE-2024-58136

CVE-2024-56145

CVE-2023-41892

CVE ID : CVE-2025-3638

Published : April 25, 2025, 3:15 p.m. | 4 hours, 29 minutes ago

Description : A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3637

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site’s URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3635

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3628

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3636

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3640

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3644

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3645

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users’ names and online statuses.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3643

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3647

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43016

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43862

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and changes on the APPSs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46432

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46433

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…