CVE ID : CVE-2023-45720
Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago
Description : Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-30113
Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago
Description : Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-30147
Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago
Description : Multiple vectors in HCL Leap allow client-side
script injection in the authoring environment and deployed applications.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31324
Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago
Description : SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-30114
Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago
Description : Insufficient sanitization in HCL Leap allows
client-side script injection in the authoring environment.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43858
Published : April 24, 2025, 6:15 p.m. | 45 minutes ago
Description : YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting `yt-dlp` from a commands prompt running on Windows OS with the `UseWindowsEncodingWorkaround` value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
GitLab Security Update – Patch for XSS, DoS & Account Takeover Vulnerabilities
GitLab has released critical security patches addressing multiple high-severity vulnerabilities in its platform, highlighting robust security measures amid increasing cyber threats.
The company has is …
Read more
Published Date:
Apr 24, 2025 (3 hours, 22 minutes ago)
Vulnerabilities has been mentioned in this article.
Commvault back-upserver via kritiek path traversal-lek over te nemen
Een kritieke kwetsbaarheid in de back-upsoftware van Commvault maakt het mogelijk voor ongeauthenticeerde aanvallers om op afstand kwetsbare servers via een zip-bestand over te nemen. De impact van he …
Read more
Published Date:
Apr 24, 2025 (3 hours, 12 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-34028
Redis DoS Vulnerability: Attackers Can Exhaust Server Memory or Cause Crashes
A high-severity vulnerability in Redis, the popular open-source in-memory data structure store, that could allow unauthenticated attackers to cause denial-of-service conditions by exhausting server me …
Read more
Published Date:
Apr 24, 2025 (2 hours, 3 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-21605
CVE ID : CVE-2025-27820
Published : April 24, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46420
Published : April 24, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46421
Published : April 24, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-30408
Published : April 24, 2025, 2:15 p.m. | 44 minutes ago
Description : Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-30409
Published : April 24, 2025, 2:15 p.m. | 44 minutes ago
Description : Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43855
Published : April 24, 2025, 2:15 p.m. | 44 minutes ago
Description : tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to crash a tRPC 11 WebSocket server. Any tRPC 11 server with WebSocket enabled with a createContext method set is vulnerable. This issue has been patched in version 11.1.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Test automation frameworks like Playwright have revolutionized automation testing for browser-based applications with their speed,, reliability, and cross-browser support. However, while Playwright excels at test execution, its default reporting capabilities can leave teams wanting more when it comes to actionable insights and collaboration. Enter ReportPortal, a powerful, open-source test reporting platform designed to transform raw
The post Playwright Report Portal Integration Guide appeared first on Codoid.
The Indian motor insurance market is currently valued at around $13.19 billion and is projected to reach $21.48 billion by…
New Firefly updates boost realism, control, and collaboration across Creative Cloud apps Adobe just dropped major AI upgrades: Firefly Image…
Microsoft just dropped some big updates to its 365 Copilot, and it’s all about making work a lot easier. Two…
Life insurance companies rely on accurate medical underwriting to determine policy pricing and risk. These calculations come from specialized underwriting…