When Steve’s employer went hunting for a new customer relationship management system (CRM), they had some requirements. A lot of…
Hackers Can Now Exploit AI Models via PyTorch – Critical Bug Found
A major security flaw has been discovered in PyTorch, the widely used open-source machine learning framework. Identified as CVE-2025-32434, this newly reported PyTorch vulnerability allows attackers t …
Read more
Published Date:
Apr 21, 2025 (16 hours, 8 minutes ago)
Vulnerabilities has been mentioned in this article.
Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin
A critical vulnerability affecting the popular WordPress plugin Greenshift – animation and page builder blocks has come to light, potentially placing over 50,000 active websites at risk of full compro …
Read more
Published Date:
Apr 21, 2025 (2 hours, 55 minutes ago)
Vulnerabilities has been mentioned in this article.
SVG Files Weaponized: Phishing Attacks Embed HTML Code
Phishing is no longer just about shady links and poorly worded emails. According to a new report from Kaspersky Labs, threat actors are now embedding HTML and JavaScript code inside SVG files—turning …
Read more
Published Date:
Apr 22, 2025 (2 hours, 26 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-0366
RustoBot Botnet Exploits Router Flaws in Sophisticated Attacks
FortiGuard Labs recently discovered RustoBot, written in Rust, a memory-safe language known for its performance and security, a sophisticated botnet exploiting vulnerabilities in TOTOLINK and DrayTek …
Read more
Published Date:
Apr 22, 2025 (2 hours, 26 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-12987
CVE-2022-26187
CVE-2022-26210
Critical CVE-2025-1976 Vulnerability in Brocade Fabric OS Actively Exploited
A critical security vulnerability has been identified in Brocade Fabric OS, posing a significant risk to affected systems. The vulnerability, tracked as CVE-2025-1976, allows a local user with admin p …
Read more
Published Date:
Apr 22, 2025 (2 hours, 16 minutes ago)
Vulnerabilities has been mentioned in this article.
FOG Ransomware Campaign Targets Multiple Sectors with Phishing and Payload Obfuscation
The initial ransom note dropped that uses DOGE-related references to troll | Image: Trend Micro
Trend Micro has identified a recent campaign involving FOG ransomware, demonstrating the adaptability of …
Read more
Published Date:
Apr 22, 2025 (1 hour, 56 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-40711
CVE-2024-40766
CVE-2025-33028: WinZip Flaw Exposes Users to Silent Code Execution via MotW Bypass, No Patch
A security flaw has been unearthed in WinZip, the popular file compression utility, placing millions of users at risk of silent code execution. Tracked as CVE-2025-33028, this vulnerability enables a …
Read more
Published Date:
Apr 22, 2025 (1 hour, 52 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-33028
CVE-2025-1240
CVE-2025-0411
CVE-2024-8811
Google Spoofed in Sophisticated DKIM Replay Attack Exploiting Email Trust Mechanisms
What if an email in your inbox looked exactly like it came from Google—passed all authentication checks, had no spelling errors, came from a Google domain, and even discussed a subpoena involving your …
Read more
Published Date:
Apr 22, 2025 (1 hour, 50 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-33028
CVE-2023-42442
CVE-2025-21204: SYSTEM-Level Privilege Escalation in Windows Update Stack Exposed, PoC Released
Image: Elli Shlomo
Security researcher Elli Shlomo published the technical details and a proof-of-concept exploit code for CVE-2025-21204, a severe local privilege escalation flaw within the Windows U …
Read more
Published Date:
Apr 22, 2025 (1 hour, 43 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-21204
CVE-2024-38063
CVE ID : CVE-2025-39470
Published : April 18, 2025, 5:15 a.m. | 3 days, 20 hours ago
Description : Path Traversal: ‘…/…//’ vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through 1.6.0.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3846
Published : April 21, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3847
Published : April 21, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3849
Published : April 22, 2025, 12:15 a.m. | 2 hours, 21 minutes ago
Description : A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2987
Published : April 22, 2025, 12:15 a.m. | 2 hours, 21 minutes ago
Description : IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Severity: 3.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-58250
Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago
Description : The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3855
Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture Handler. The manipulation of the argument profile_image_file leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3850
Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3854
Published : April 22, 2025, 1:15 a.m. | 29 minutes ago
Description : A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to buffer overflow. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. Other functions might be affected as well.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3856
Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…