Graham explores how the Elusive Comet cybercrime gang are using a sneaky trick of stealing your cryptocurrency via an innocent-appearing…
Ripple NPM supply chain attack hunts for private keys
Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.
The NPM package, xrpl, is a JavaScript/TypeScript library that devs use to …
Published Date: Apr 23, 2025 (5 hours, 4 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-32965
CVE ID : CVE-2025-3673
Published : April 23, 2025, 7:16 p.m. | 3 hours, 42 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3092. Reason: This candidate is a reservation duplicate of CVE-2023-3092. Notes: All CVE users should reference CVE-2023-3092 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
CVE ID : CVE-2025-28169
Published : April 23, 2025, 8:15 p.m. | 2 hours, 43 minutes ago
Description : BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to send broadcasts to the manufacturer’s cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack.
Severity: 0.0 | NA
CVE ID : CVE-2025-32818
Published : April 23, 2025, 8:15 p.m. | 2 hours, 43 minutes ago
Description : A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.
Severity: 7.5 | HIGH
CVE ID : CVE-2025-46397
Published : April 23, 2025, 9:15 p.m. | 1 hour, 43 minutes ago
Description : Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezier_spline function.
Severity: 7.1 | HIGH
CVE ID : CVE-2025-46398
Published : April 23, 2025, 9:15 p.m. | 1 hour, 43 minutes ago
Description : Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function.
Severity: 7.1 | HIGH
CVE ID : CVE-2025-46400
Published : April 23, 2025, 9:15 p.m. | 1 hour, 43 minutes ago
Description : Segmentation fault in fig2dev in version 3.2.9a allows an attacker to affect availability via local input manipulation via the read_arcobject function.
Severity: 7.1 | HIGH
CVE ID : CVE-2025-46399
Published : April 23, 2025, 9:15 p.m. | 1 hour, 43 minutes ago
Description : Segmentation fault in fig2dev in version 3.2.9a allows an attacker to affect availability via local input manipulation via the genge_itp_spline function.
Severity: 7.1 | HIGH
FireEye EDR Agent Vulnerability Let Attackers Inject Malicious Code
A significant vulnerability in the FireEye Endpoint Detection and Response (EDR) agent that could allow attackers to inject malicious code and render critical security protections ineffective.
The vul …
Published Date: Apr 23, 2025 (5 hours, 21 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-0618
Critical Vulnerabilities in Browser Wallets Let Attackers Drain your Funds
Significant vulnerabilities in popular browser-based cryptocurrency wallets enable attackers to steal funds without any user interaction or approval.
These critical flaws, discovered in wallets includ …
Published Date: Apr 23, 2025 (5 hours, 12 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2023-40580
Synology Network File System Vulnerability Let Read Any File
A severe security vulnerability in Synology’s DiskStation Manager (DSM) software has been identified. This vulnerability allows remote attackers to read arbitrary files through the Network File System …
Published Date: Apr 23, 2025 (5 hours, 10 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-1021
ASUS releases fix for AMI bug that lets hackers brick servers
ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers.
The flaw impacts American Megatrends Internati …
Published Date: Apr 23, 2025 (4 hours, 39 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-54085
CVE-2025-1731 and CVE-2025-1732 impacts Zyxel Firewalls
Zyxel has disclosed two critical vulnerabilities, CVE-2025-1731 and CVE-2025-1732, affecting its USG FLEX H series firewalls. These vulnerabilities could allow authenticated local attackers to escalat …
Published Date: Apr 23, 2025 (3 hours, 46 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-1732
CVE-2025-1731
CVE-2025-32433
CVE-2025-24054
CVE ID : CVE-2025-28037
Published : April 22, 2025, 4:15 p.m. | 1 day, 2 hours ago
Description : TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter.
Severity: 9.8 | CRITICAL