CVE ID : CVE-2025-48334

Published : May 30, 2025, 9:15 a.m. | 21 minutes ago

Description : Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Slider Pro: from n/a through 1.12. Affected action “woo_slide_pro_delete_slider”.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48912

Published : May 30, 2025, 9:15 a.m. | 21 minutes ago

Description : An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into ‘sqlExpression’ fields. This allowed the execution of sub-queries to evade parsing defenses, ultimately granting unauthorized access to data.

This issue affects Apache Superset: before 4.1.2.

Users are recommended to upgrade to version 4.1.2, which fixes the issue.

Severity: 0.0 | NA

CVE ID : CVE-2025-4635

Published : May 30, 2025, 9:15 a.m. | 21 minutes ago

Description : A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as a low privileged user.

Severity: 6.6 | MEDIUM

CVE ID : CVE-2025-4633

Published : May 30, 2025, 9:15 a.m. | 21 minutes ago

Description : Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an unauthenticated malicious actor to log in via the web portal.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-4634

Published : May 30, 2025, 9:15 a.m. | 21 minutes ago

Description : The web portal on airpointer 2.4.107-2 was vulnerable to local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem.

Severity: 4.1 | MEDIUM

CVE ID : CVE-2025-4636

Published : May 30, 2025, 9:15 a.m. | 21 minutes ago

Description : Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of this user would be able to escalate privileges to the root user.

Severity: 7.8 | HIGH

CVE ID : CVE-2024-12224

Published : May 30, 2025, 2:15 a.m. | 2 hours, 48 minutes ago

Description : Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.

Severity: 0.0 | NA

CVE ID : CVE-2025-48757

Published : May 30, 2025, 3:15 a.m. | 1 hour, 44 minutes ago

Description : An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites.

Severity: 9.3 | CRITICAL

CVE ID : CVE-2025-44612

Published : May 30, 2025, 3:15 a.m. | 1 hour, 48 minutes ago

Description : Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.

Severity: 0.0 | NA

CVE ID : CVE-2025-44614

Published : May 30, 2025, 3:15 a.m. | 1 hour, 48 minutes ago

Description : Tinxy WiFi Lock Controller v1 RF was discovered to store users’ sensitive information, including credentials and mobile phone numbers, in plaintext.

Severity: 0.0 | NA

CVE ID : CVE-2025-44619

Published : May 30, 2025, 3:15 a.m. | 1 hour, 48 minutes ago

Description : Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.

Severity: 0.0 | NA

CVE ID : CVE-2025-44904

Published : May 30, 2025, 4:15 a.m. | 48 minutes ago

Description : hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.

Severity: 0.0 | NA

CVE ID : CVE-2025-44905

Published : May 30, 2025, 4:15 a.m. | 48 minutes ago

Description : hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.

Severity: 0.0 | NA

CVE ID : CVE-2025-44906

Published : May 30, 2025, 4:15 a.m. | 48 minutes ago

Description : jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.

Severity: 0.0 | NA

CVE ID : CVE-2025-47952

Published : May 30, 2025, 4:15 a.m. | 48 minutes ago

Description : Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it’s possible to target a backend, exposed using another router, bypassing the middleware chain. This issue has been patched in versions 2.11.25 and 3.4.1.

Severity: 0.0 | NA
