CVE ID : CVE-2025-47419

Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago

Description : Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.

The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords.

This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0853

Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago

Description : The PGS Core plugin for WordPress is vulnerable to SQL Injection via the ‘event’ parameter in the ‘save_header_builder’ function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47420

Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago

Description : 266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4372

Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago

Description : Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0855

Published : May 6, 2025, 11:15 p.m. | 42 minutes ago

Description : The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the ‘import_header’ function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The landscape of Artificial Intelligence is rapidly evolving, and one of the most exciting trends is the ability to run…

CVE ID : CVE-2025-0856

Published : May 6, 2025, 11:15 p.m. | 42 minutes ago

Description : The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

One of the most tedious tasks for every startup, company, and open-source project is often building and managing documentation –…

As mobile applications continue to evolve in functionality and scope, securing the APIs that power these apps has become more…

Juggling too many tabs in your phone’s browser? Opera on Android has a new feature for you. Source: Latest news 

Meet Apriel Nemotron 15B, a new open-source LLM. Source: Latest news 

Need to be more productive? You can force your Android device to minimize distractions with a few preset modes or…

A recent update is making HDR content washed out and ‘simply unwatchable.’ Source: Latest news 

The Unihertz Tank 3 Pro has a big battery, night vision camera, a 1,200-lumen camping light, and even a built-in…

These are the best Windows tablets we tested in 2025 to help you find the right device for work or…

Here’s every new and improved AI skill just announced, along with who can expect to see them, and when. Source:…

There’s no subscription needed with Samsung’s Galaxy Ring, and right now, Amazon is bundling it with a $100 gift card.…

UPDATE: Despite reports and confusion over new ads, Roku says nothing has changed. Source: Latest news 

Our updated version of Gemini 2.5 Pro Preview has improved capabilities for coding. Source: Read More 

We’ve seen developers doing amazing things with Gemini 2.5 Pro, so we decided to release an updated version a couple…