ASUS warns of critical auth bypass flaw in routers using AiCloud
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device.
The vulnera …
Read more
Published Date:
Apr 18, 2025 (2 days, 2 hours ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-2492
CVE ID : CVE-2025-3817
Published : April 19, 2025, 7:15 p.m. | 22 hours, 59 minutes ago
Description : A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /oews/classes/Master.php?f=delete_stock. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3827
Published : April 20, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3828
Published : April 20, 2025, 4:15 p.m. | 2 hours ago
Description : A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3829
Published : April 20, 2025, 4:15 p.m. | 2 hours ago
Description : A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3830
Published : April 20, 2025, 5:15 p.m. | 59 minutes ago
Description : A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
IronHusky APT deploys MysterySnail APT
IronHusky APT, a China-linked cyber espionage group, has resurfaced with an evolved version of its MysterySnail RAT, targeting government organizations in Russia and Mongolia. Leveraging malicious MMC …
Read more
Published Date:
Apr 20, 2025 (10 hours, 10 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-32445
CVE-2021-40449
Week in review: LLM package hallucinations harm supply chains, Nagios Log Server flaws fixed
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
Apple has …
Read more
Published Date:
Apr 20, 2025 (6 hours, 50 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31201
CVE-2025-31200
CVE-2025-24054
CVE-2021-20035
CVE-2025-2492 impacts ASUS AiCloud Routers
CVE-2025-2492 is a critical authentication bypass vulnerability affecting ASUS routers with AiCloud enabled. This flaw allows remote attackers to execute unauthorized functions on vulnerable devices w …
Read more
Published Date:
Apr 20, 2025 (3 hours, 4 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-2492
CVE-2025-32445
CVE ID : CVE-2025-3806
Published : April 19, 2025, 5:15 p.m. | 21 hours, 33 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in dazhouda lecms up to 3.0.3. Affected by this issue is some unknown functionality of the file /admin of the component Edit Profile Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3807
Published : April 19, 2025, 5:15 p.m. | 21 hours, 33 minutes ago
Description : A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. This affects the function Upload of the file src/main/java/com/my/bbs/controller/common/UploadController.java of the component Endpoint. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3808
Published : April 19, 2025, 6:15 p.m. | 20 hours, 34 minutes ago
Description : A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3816
Published : April 19, 2025, 6:15 p.m. | 20 hours, 34 minutes ago
Description : A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3822
Published : April 20, 2025, 7:15 a.m. | 7 hours, 34 minutes ago
Description : A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password/txtnew_password/txtold_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3823
Published : April 20, 2025, 11:15 a.m. | 3 hours, 33 minutes ago
Description : A vulnerability classified as problematic has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file add-stock.php. The manipulation of the argument txttotalcost/txtproductID/txtprice/txtexpirydate leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3824
Published : April 20, 2025, 11:15 a.m. | 3 hours, 33 minutes ago
Description : A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproduct_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3825
Published : April 20, 2025, 12:15 p.m. | 2 hours, 34 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument txtcategory_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3826
Published : April 20, 2025, 1:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_name/txtaddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
It starts with a single tear. Not the kind you wipe away quietly during a movie. Not even the kind…
A simple package that validates EU VAT numbers against the central ec.europa.eu database Source: Read MoreÂ