Cisco waarschuwt voor kritiek Erlang/OTP SSH-lek in eigen producten
Een kritieke kwetsbaarheid in Erlang/OTP SSH server is ook aanwezig in producten van Cisco, zo waarschuwt het netwerkbedrijf dat updates heeft uitgebracht om het probleem te verhelpen. Erlang is een p …
Read more
Published Date:
Apr 23, 2025 (2 hours, 46 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-32433
CVE ID : CVE-2025-3404
Published : April 19, 2025, 8:15 a.m. | 4 days, 1 hour ago
Description : The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3803
Published : April 19, 2025, 3:15 p.m. | 3 days, 18 hours ago
Description : A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3802
Published : April 19, 2025, 3:15 p.m. | 3 days, 18 hours ago
Description : A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43917
Published : April 19, 2025, 7:15 p.m. | 3 days, 14 hours ago
Description : In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service file. This file then is executed by a LaunchDaemon as root.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3820
Published : April 19, 2025, 9:15 p.m. | 3 days, 12 hours ago
Description : A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0618
Published : April 23, 2025, 7:15 a.m. | 2 hours, 45 minutes ago
Description : A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protection events from being processed, even after a reboot of HX.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3529
Published : April 23, 2025, 8:15 a.m. | 1 hour, 45 minutes ago
Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the ‘file_url’ parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2595
Published : April 23, 2025, 8:15 a.m. | 1 hour, 45 minutes ago
Description : An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3530
Published : April 23, 2025, 8:15 a.m. | 1 hour, 45 minutes ago
Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter ‘product_tmp_two’ for computing a security hash against price tampering while using ‘wspsc_product’ to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
ChatGPT Creates Working Exploit for CVE’s Before Public PoCs Released
In a development that could transform vulnerability research, security researcher Matt Keeley demonstrated how artificial intelligence can now create working exploits for critical vulnerabilities befo …
Read more
Published Date:
Apr 23, 2025 (5 hours, 28 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-32433
Critical RCE Vulnerability in Erlang/OTP SSH Server Impacts Multiple Cisco Products
A critical remote code execution (RCE) vulnerability tracked as CVE-2025-32433 has disclosed. This flaw resides in the Erlang/OTP SSH server and affects a number of Cisco products that rely on the pla …
Read more
Published Date:
Apr 23, 2025 (5 hours, 7 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-32433
OpenAI Expresses Interest in Acquiring Chrome Amidst Google Antitrust Scrutiny
According to a report by Reuters, the head of product for OpenAI’s ChatGPT revealed that if Google were ever compelled to divest its Chrome browser, OpenAI would express interest in acquiring it.
Shou …
Read more
Published Date:
Apr 23, 2025 (4 hours, 53 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-4947
Windows 11 Now Runs on iPad in EU via UTM Virtual Machine
Running Windows 11 on an iPad via a virtual machine has long been a formidable challenge, primarily due to Apple’s restrictions on iPadOS, which prohibit the execution of a full Just-In-Time (JIT) com …
Read more
Published Date:
Apr 23, 2025 (4 hours, 27 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2023-42118
CVE-2022-38181
CVE ID : CVE-2021-4455
Published : April 19, 2025, 8:15 a.m. | 3 days, 23 hours ago
Description : The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1021
Published : April 23, 2025, 3:15 a.m. | 3 hours, 40 minutes ago
Description : Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46216
Published : April 23, 2025, 3:15 a.m. | 3 hours, 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46217
Published : April 23, 2025, 3:15 a.m. | 3 hours, 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46218
Published : April 23, 2025, 3:15 a.m. | 3 hours, 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46219
Published : April 23, 2025, 3:15 a.m. | 3 hours, 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…