Microsoft unveiled a new 13-inch Surface Laptop as a more portable alternative to the Surface Laptop 7. I take a…
The latest game mode in Call of Duty: Warzone may well be weed-themed, but it’s the most fun I’ve had…
Grand Theft Auto 6’s second trailer is here, showing more of Vice City and the lives of protagonists Lucia and…
The new Surface Pro 12-inch and Surface Laptop 13-inch are more affordable and portable than their flagship siblings. Have they…
DOOM: The Dark Ages and Revenge of the Savage Planet are just some of the games headed to Xbox Game…
Microsoft just announced a Surface Pro 12-inch and Surface Laptop 13-inch. The compact PCs are already available for preorder and…
I’ve checked prices for DOOM: The Dark Ages, and this is the best deal going on right now for PC…
Close to 20 years after Halo 3’s original Xbox release, one of the game’s most famous cut levels has been…
CVE ID : CVE-2024-12225
Published : May 6, 2025, 8:15 p.m. | 2 hours ago
Description : A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user’s user name.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47256
Published : May 6, 2025, 8:15 p.m. | 3 hours, 42 minutes ago
Description : Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47417
Published : May 6, 2025, 8:15 p.m. | 3 hours, 42 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.
When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done.
This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0649
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : Incorrect JSON input stringification in Google’s Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-44073
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-44899
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46572
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user in the Auth0 tenant during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46573
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Building serverless AI agents has recently become a lot simpler. With the Langbase Docs MCP server, you can instantly connect…
CVE ID : CVE-2025-47418
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.
There is no visible indication when the system is recording and recording can be enabled remotely via a network API.
This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47419
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.
The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords.
This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0853
Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago
Description : The PGS Core plugin for WordPress is vulnerable to SQL Injection via the ‘event’ parameter in the ‘save_header_builder’ function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…