CVE ID : CVE-2025-0649
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : Incorrect JSON input stringification in Google’s Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-44073
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-44899
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46572
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user in the Auth0 tenant during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46573
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Building serverless AI agents has recently become a lot simpler. With the Langbase Docs MCP server, you can instantly connect…
CVE ID : CVE-2025-47418
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.
There is no visible indication when the system is recording and recording can be enabled remotely via a network API.
This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47419
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.
The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords.
This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0853
Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago
Description : The PGS Core plugin for WordPress is vulnerable to SQL Injection via the ‘event’ parameter in the ‘save_header_builder’ function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47420
Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago
Description : 266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4372
Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago
Description : Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0855
Published : May 6, 2025, 11:15 p.m. | 42 minutes ago
Description : The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the ‘import_header’ function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
The landscape of Artificial Intelligence is rapidly evolving, and one of the most exciting trends is the ability to run…
CVE ID : CVE-2025-0856
Published : May 6, 2025, 11:15 p.m. | 42 minutes ago
Description : The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
One of the most tedious tasks for every startup, company, and open-source project is often building and managing documentation –…
As mobile applications continue to evolve in functionality and scope, securing the APIs that power these apps has become more…
Juggling too many tabs in your phone’s browser? Opera on Android has a new feature for you. Source: Latest newsÂ
Meet Apriel Nemotron 15B, a new open-source LLM. Source: Latest newsÂ
Need to be more productive? You can force your Android device to minimize distractions with a few preset modes or…
A recent update is making HDR content washed out and ‘simply unwatchable.’ Source: Latest newsÂ