Various generative artificial intelligence (GenAI) services have been found vulnerable to two types of jailbreak attacks that make it possible…
Development
Popular messaging app WhatsApp on Tuesday unveiled a new technology called Private Processing to enable artificial intelligence (AI) capabilities in…
Reasoning with LLMs can benefit from utilizing more test compute, which depends on high-quality process reward models (PRMs) to select…
The CLIP framework has become foundational in multimodal representation learning, particularly for tasks such as image-text retrieval. However, it faces…
In this tutorial, we will be implementing a custom Model Context Protocol (MCP) Client using Gemini. By the end of…
OpenPipe has introduced ART·E (Autonomous Retrieval Tool for Email), an open-source research agent designed to answer user questions based on…
44% of the zero-days exploited in 2024 were in enterprise solutions
In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks.
Of these, 33 vulnerabilities …
Published Date: Apr 29, 2025 (5 hours, 43 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-3928
CVE-2025-1976
CVE-2024-55591
CVE-2025-0282
CVE-2024-53104
CVE-2024-9381
CVE-2024-9380
CVE-2024-9379
CVE-2024-32896
CVE-2024-29748
CVE-2024-29745
Many Fuel Tank Monitoring Systems Vulnerable to Disruption
Internet-connected automatic tank gauges (ATGs) pose a serious but often overlooked cyber-risk to the thousands of gas stations, fuel depots, and facilities that rel …
Published Date: Apr 29, 2025 (4 hours, 29 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-31324
CVE-2024-45066
CVE-2024-43693
CVE ID : CVE-2025-4079
Published : April 29, 2025, 7:15 p.m. | 3 hours, 52 minutes ago
Description : A vulnerability, which was classified as critical, was found in PCMan FTP Server up to 2.0.7. Affected is an unknown function of the component RENAME Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE ID : CVE-2025-0520
Published : April 29, 2025, 8:15 p.m. | 2 hours, 53 minutes ago
Description : An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7.
Severity: 0.0 | NA
CVE ID : CVE-2024-57698
Published : April 29, 2025, 8:15 p.m. | 2 hours, 53 minutes ago
Description : An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the /user/list?culture=en-us endpoint.
Severity: 0.0 | NA
CVE ID : CVE-2025-4078
Published : April 29, 2025, 8:15 p.m. | 2 hours, 53 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument file_name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
CVE ID : CVE-2025-4080
Published : April 29, 2025, 8:15 p.m. | 2 hours, 53 minutes ago
Description : A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-request.php. The manipulation of the argument viewid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
CVE ID : CVE-2025-3910
Published : April 29, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
Severity: 5.4 | MEDIUM
CVE ID : CVE-2025-3501
Published : April 29, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : A flaw was found in Keycloak. By setting a verification policy to ‘ALL’, the trust store certificate verification is skipped, which is unintended.
Severity: 8.2 | HIGH
CVE ID : CVE-2025-46344
Published : April 29, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1 do not invoke `.setExpirationTime` when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While the session cookie may expire or be cleared, the JWE remains valid. This issue has been patched in version 4.5.1.
Severity: 0.0 | NA
CVE ID : CVE-2025-46549
Published : April 29, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.
Severity: 4.3 | MEDIUM
CVE ID : CVE-2025-46348
Published : April 29, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or downloading the archive, which contains sensitive site information. This issue has been patched in version 4.5.4.
Severity: 10.0 | CRITICAL
CVE ID : CVE-2025-46550
Published : April 29, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.
Severity: 4.3 | MEDIUM
AirBorne Exploits: Zero-Click Wormable RCE Hits Apple & IoT Devices
In a sweeping and deeply technical report, Oligo Security Research has disclosed a dangerous new family of vulnerabilities in Apple’s AirPlay protocol and its associated Software Development Kit (SDK) …
Published Date: Apr 29, 2025 (4 hours, 4 minutes ago)
Vulnerabilities mentioned in this article: