The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software…
UK retail giant Marks & Spencer has confirmed it is managing a cybersecurity incident, following several days of service disruption…
Multiple suspected Russia-linked threat actors are “aggressively” targeting individuals and organizations with ties to Ukraine and human rights with an…
Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software…
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware…
The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a…
The development of text-to-speech (TTS) systems has seen significant advancements in recent years, particularly with the rise of large-scale neural…
Despite significant advances in reasoning capabilities through reinforcement learning (RL), most large language models (LLMs) remain fundamentally dependent on supervised…
Revisiting the Grokking Challenge In recent years, the phenomenon of grokking—where deep learning models exhibit a delayed yet sudden transition…
CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has released five new advisories addressing critical vulnerabilities in Industrial Control Systems (ICS) from Siemens, Schneider Electric, a …
Published Date: Apr 23, 2025 (3 hours, 46 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-29931
CVE-2025-32822
CVE-2025-30030
CVE-2025-30002
CVE-2025-27539
CVE-2025-27495
CVE-2024-11425
CVE-2024-6407
Zyxel Patches Privilege Management Vulnerabilities in USG FLEX H Series Firewalls
Zyxel Networks has released critical security patches to address two high-severity vulnerabilities in its USG FLEX H series firewalls that could potentially allow attackers to escalate privileges and …
Published Date: Apr 23, 2025 (3 hours, 19 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-1732
CVE-2025-1731
Cisco warns of critical Erlang/OTP SSH flaw in its own products
A critical vulnerability in the Erlang/OTP SSH server is also present in Cisco products, warns the networking company, which has released updates to fix the problem. Erlang is a p …
Published Date: Apr 23, 2025 (2 hours, 46 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-32433
CVE ID : CVE-2025-3404
Published : April 19, 2025, 8:15 a.m. | 4 days, 1 hour ago
Description : The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.8 | HIGH
CVE ID : CVE-2025-3803
Published : April 19, 2025, 3:15 p.m. | 3 days, 18 hours ago
Description : A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
CVE ID : CVE-2025-3802
Published : April 19, 2025, 3:15 p.m. | 3 days, 18 hours ago
Description : A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
CVE ID : CVE-2025-43917
Published : April 19, 2025, 7:15 p.m. | 3 days, 14 hours ago
Description : In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service file. This file then is executed by a LaunchDaemon as root.
Severity: 8.2 | HIGH
CVE ID : CVE-2025-3820
Published : April 19, 2025, 9:15 p.m. | 3 days, 12 hours ago
Description : A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
CVE ID : CVE-2025-0618
Published : April 23, 2025, 7:15 a.m. | 2 hours, 45 minutes ago
Description : A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protection events from being processed, even after a reboot of HX.
Severity: 6.5 | MEDIUM
CVE ID : CVE-2025-3529
Published : April 23, 2025, 8:15 a.m. | 1 hour, 45 minutes ago
Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the ‘file_url’ parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it.
Severity: 8.2 | HIGH
CVE ID : CVE-2025-2595
Published : April 23, 2025, 8:15 a.m. | 1 hour, 45 minutes ago
Description : An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
Severity: 5.3 | MEDIUM