CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks

CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively expl …
Read more

Published Date:
Apr 29, 2025 (2 hours, 31 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-3928

CVE-2025-1976

CVE-2025-42599

CISA Adds Broadcom Brocade Fabric OS Vulnerability to Known Exploited Vulnerabilities Catalog

CISA Adds Broadcom Brocade Fabric OS Vulnerability to Known Exploited Vulnerabilities Catalog

CISA officially added a significant security flaw affecting Broadcom’s Brocade Fabric OS to its authoritative Known Exploited Vulnerabilities (KEV) Catalog, underscoring the urgent need for remediatio …
Read more

Published Date:
Apr 29, 2025 (2 hours, 23 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-1976

NVIDIA Riva Vulnerabilities Exposes Enable Authorized Access to Cloud Environments

NVIDIA Riva Vulnerabilities Exposes Enable Authorized Access to Cloud Environments

A critical security flaw in NVIDIA’s Riva framework, an AI-powered speech and translation service, has left cloud environments vulnerable to unauthorized access and exploitation.
Trend Micro researche …
Read more

Published Date:
Apr 29, 2025 (1 hour, 57 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-23243

CVE-2025-23242

CVE-2025-1551 – IBM Operational Decision Manager Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-1551

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-25403 – Slims Senayan Library Management Systems SQL Injection Vulnerability

CVE ID : CVE-2025-25403

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-25962 – Uniswap Coresmartcontracts Privilege Escalation

CVE ID : CVE-2025-25962

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-23177 – Apache ShellShock Path Traversal

CVE ID : CVE-2025-23177

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : CWE-427: Uncontrolled Search Path Element

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-32354 – Zimbra Collaboration CSRF Vulnerability

CVE ID : CVE-2025-32354

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifying contacts, changing account settings, and accessing sensitive user data when an authenticated user visits a malicious website.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-40615 – Bookgy Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-40615

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending a malicious URL through the “TEXTO” parameter in /api/api_ajustes.php.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-40616 – Bookgy Reflected XSS

CVE ID : CVE-2025-40616

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending a malicious URL through the “IDRESERVA” parameter in /bkg_imprimir_comprobante.php.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-40617 – Bookgy SQL Injection Vulnerability

CVE ID : CVE-2025-40617

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the “IDTIPO”, “IDPISTA” and “IDSOCIO” parameters in /bkg_seleccionar_hora_ajax.php.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-40618 – Bookgy SQL Injection Vulnerability

CVE ID : CVE-2025-40618

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the “IDRESERVA”  parameter in /bkg_imprimir_comprobante.php

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-40619 – Bookgy Authentication Bypass

CVE ID : CVE-2025-40619

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-46346 – YesWiki Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-46346

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user viewing the affected comment. The XSS occurs because the application fails to properly sanitize or encode user input submitted to the comments. Notably, the application sanitizes or does not allow execution of `

CVE-2025-4068 – Code-projects Simple Movie Ticket Booking System Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-4068

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Affected by this vulnerability is the function changeprize. The manipulation of the argument prize leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-4069 – Code-projects Product Management System Stack-Based Buffer Overflow

CVE ID : CVE-2025-4069

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-4070 – PHPGurukul Rail Pass Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4070

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…