Development

CVE ID : CVE-2025-3786

Published : April 18, 2025, 9:15 a.m. | 4 days, 4 hours ago

Description : A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32953

Published : April 18, 2025, 9:15 p.m. | 3 days, 16 hours ago

Description : z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes the automatically generated `.git/config` file containing the run’s GITHUB_TOKEN. Because the artifact can be downloaded prior to the end of the workflow, there are a few seconds during which an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in your repository. This issue has been fixed in commit bd95916.

Severity: 8.7 | HIGH


CVE ID : CVE-2024-11299

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-2092

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : Insertion of Sensitive Information into Log File in Checkmk GmbH’s Checkmk versions

Severity: 0.0 | NA


CVE ID : CVE-2025-3457

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘oceanwp_icon’ shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM


CVE ID : CVE-2025-3458

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The Classic Editor plugin must be installed and activated to exploit the vulnerability.

Severity: 6.4 | MEDIUM


CVE ID : CVE-2025-3472

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is also installed and activated.

Severity: 6.5 | MEDIUM


CVE ID : CVE-2024-40445

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : Directory Traversal vulnerability in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted file upload.

Severity: 0.0 | NA


CVE ID : CVE-2024-40446

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script.

Severity: 0.0 | NA


CVE ID : CVE-2024-46546

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Severity: 0.0 | NA


CVE ID : CVE-2025-28032

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.

Severity: 0.0 | NA


CVE ID : CVE-2025-28033

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.

Severity: 0.0 | NA


CVE ID : CVE-2025-28034

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter.

Severity: 0.0 | NA


Picture this: you describe your dream app in plain English, and within minutes, it’s a working product: no coding, no setup, just your vision brought to life. This is Vibe Coding, the AI-powered revolution redefining software development in 2025. By turning natural language prompts into fully functional applications, Vibe Coding empowers developers, designers, and
The post Vibe Coding: Transform Your Coding Experience appeared first on Codoid.

In the rapidly evolving insurance ecosystem, balancing regulatory changes with dynamic customer needs is one …
The post Top 5 Use Cases for AI Agents in the Insurance Industry first appeared on TestingXperts.