CVE-2025-46374 – Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-46374

Published : April 24, 2025, 3:15 a.m. | 4 hours, 25 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-46375 – Apache Struts Deserialization Vulnerability

CVE ID : CVE-2025-46375

Published : April 24, 2025, 3:15 a.m. | 4 hours, 25 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-46378 – Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-46378

Published : April 24, 2025, 3:15 a.m. | 4 hours, 25 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-46379 – Apache Web Server Denial of Service

CVE ID : CVE-2025-46379

Published : April 24, 2025, 3:15 a.m. | 4 hours, 25 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-46380 – Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-46380

Published : April 24, 2025, 3:15 a.m. | 4 hours, 25 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-46381 – Apache HTTP Server Command Injection

CVE ID : CVE-2025-46381

Published : April 24, 2025, 3:15 a.m. | 4 hours, 25 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-3435 – Mang Board WP Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-3435

Published : April 24, 2025, 4:15 a.m. | 3 hours, 25 minutes ago

Description : The Mang Board WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the board_header and board_footer parameters in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-1453 – WordPress Category Posts Widget Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-1453

Published : April 24, 2025, 6:15 a.m. | 1 hour, 25 minutes ago

Description : The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-2558 – “WordPress Theme-Wound LFI Vulnerability”

CVE ID : CVE-2025-2558

Published : April 24, 2025, 6:15 a.m. | 1 hour, 25 minutes ago

Description : The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-32730 – i-PRO Co., Ltd. Surveillance Cameras and Recorders Cryptographic Key Hard-Coded Authentication Bypass

CVE ID : CVE-2025-32730

Published : April 24, 2025, 7:15 a.m. | 25 minutes ago

Description : Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. surveillance cameras and recorders. This vulnerability allows a local authenticated attacker to use the authentication information from the last connected surveillance cameras and recorders.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-3761 – My Tickets – WordPress Privilege Escalation Vulnerability

CVE ID : CVE-2025-3761

Published : April 24, 2025, 7:15 a.m. | 25 minutes ago

Description : The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Tangled Up in Foo

DZ’s tech lead is a doctor of computer science, and that doctor loves to write code. But you already know…

FormBook Malware Spreads via Sophisticated Phishing Attack

FormBook Malware Spreads via Sophisticated Phishing Attack

Workflow diagram of this FormBook campaign | Image: FortiGuard Labs
A new phishing campaign distributing the FormBook infostealer malware has been uncovered by Fortinet’s FortiGuard Labs, targeting Wi …
Read more

Published Date:
Apr 24, 2025 (3 hours, 32 minutes ago)

Vulnerabilities has been mentioned in this article.