Diffusion Transformers have demonstrated outstanding performance in image generation tasks, surpassing traditional models, including GANs and autoregressive architectures. They operate…
Development
VoltAgent is an open-source TypeScript framework designed to streamline the creation of AI‑driven applications by offering modular building blocks and…
CVE ID : CVE-2024-53569
Published : April 22, 2025, 7:15 p.m. | 3 hours, 34 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the description parameter.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-53568
Published : April 22, 2025, 7:15 p.m. | 3 hours, 34 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-23253
Published : April 22, 2025, 7:15 p.m. | 3 hours, 34 minutes ago
Description : NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-29621
Published : April 22, 2025, 7:15 p.m. | 3 hours, 34 minutes ago
Description : Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My Preferences module. This vulnerability allows attackers to manipulate application settings.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31327
Published : April 22, 2025, 7:15 p.m. | 3 hours, 34 minutes ago
Description : SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31328
Published : April 22, 2025, 7:15 p.m. | 3 hours, 34 minutes ago
Description : SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. GET-based OData function is named in a way that it violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-26159
Published : April 22, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-29743
Published : April 22, 2025, 8:15 p.m. | 2 hours, 35 minutes ago
Description : D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-32965
Published : April 22, 2025, 9:15 p.m. | 1 hour, 35 minutes ago
Description : xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely to lead to exploitation as it is not compatible with other 2.x versions. Anyone who used one of these versions should stop immediately and rotate any private keys or secrets used with affected systems. Users of xrpl.js should pgrade to version 4.2.5 or 2.14.3 to receive a patch. To secure funds, think carefully about whether any keys may have been compromised by this supply chain attack, and mitigate by sending funds to secure wallets, and/or rotating keys. If any account’s master key is potentially compromised, disable the key.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-37087
Published : April 22, 2025, 9:15 p.m. | 1 hour, 35 minutes ago
Description : A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27087
Published : April 22, 2025, 10:15 p.m. | 35 minutes ago
Description : A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-37088
Published : April 22, 2025, 10:15 p.m. | 35 minutes ago
Description : A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Hackers Attacking Network Edge Devices to Compromise SMB Organizations
Small and medium-sized businesses (SMBs) are increasingly falling victim to cyberattacks that specifically target network edge devices, according to recent findings.
These critical devices—including f …
Read more
Published Date:
Apr 22, 2025 (6 hours, 3 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-40711
TP-Link Router Vulnerabilities Let Attackers Inject Malicious SQL Commands
Multiple vulnerabilities have been identified in popular TP-Link routers that expose users to severe security risks due to SQL injection flaws in their web management interfaces.
These vulnerabilities …
Read more
Published Date:
Apr 22, 2025 (5 hours, 30 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-29653
CVE-2025-29650
CVE-2025-29649
CVE-2025-29648
Microsoft’s patch for CVE-2025–21204 symlink vulnerability introduces another symlink vulnerability
Microsoft recently patched CVE-2025–21204, a vuln which allows users to abuse symlinks to elevate privileges using the Windows servicing stack and the c:inetpub folder. There’s a good write up here:T …
Read more
Published Date:
Apr 22, 2025 (5 hours, 2 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE ID : CVE-2025-3278
Published : April 19, 2025, 3:15 a.m. | 3 days, 14 hours ago
Description : The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying ‘user_register_role’ field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1093
Published : April 19, 2025, 4:15 a.m. | 3 days, 13 hours ago
Description : The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1950
Published : April 22, 2025, 3:16 p.m. | 2 hours, 29 minutes ago
Description : IBM Hardware Management Console – Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…