
Oracle VirtualBox Vulnerability Exposes Systems to Privilege Escalation Attacks

A critical security flaw in Oracle VM VirtualBox (CVE-2024-21113) has been patched after researchers discovered it could allow local attackers to escalate privileges and compromise hypervisor environm …

Published Date:
May 01, 2025 (3 hours, 54 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-21113

Chrome 136 Released with bug fixes

Google has rolled out the Chrome 136 update, addressing a range of vulnerabilities across various components of the browser to enhance user security and privacy. Below are the key issues resolved: 1. H …

Published Date:
May 01, 2025 (3 hours, 47 minutes ago)

Vulnerabilities have been mentioned in this article.

Tesla Model 3 VCSEC Vulnerability Allows Attackers to Execute Arbitrary Code

A critical vulnerability in Tesla Model 3’s vehicle security systems has exposed thousands of cars to potential remote attacks, cybersecurity researchers revealed this week.
Designated CVE-2025-2082, …

Published Date:
May 01, 2025 (3 hours, 41 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-2082

Amazon Launches Nova Premier AI Model with 1 Million Token Context

At the re:Invent 2024 conference last year, Amazon unveiled its proprietary Nova series of generative artificial intelligence models. Following several iterations and updates, the company has now intr …

Published Date:
May 01, 2025 (3 hours, 3 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-40767

Netgear EX6200 Vulnerabilities Expose Routers to Remote Attacks & Data Theft

Security researchers have disclosed three critical vulnerabilities in Netgear’s EX6200 wireless routers, enabling attackers to remotely compromise devices, execute malicious code, and potentially stea …

Published Date:
May 01, 2025 (2 hours, 52 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-4150

CVE-2025-4149

CVE-2025-4148

CVE ID : CVE-2025-1529

Published : May 1, 2025, 12:15 p.m. | 53 minutes ago

Description : The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM


CVE ID : CVE-2025-3874

Published : May 1, 2025, 12:15 p.m. | 53 minutes ago

Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and edit product links, add or delete products, and discover coupon codes.

Severity: 6.5 | MEDIUM


CVE ID : CVE-2025-3889

Published : May 1, 2025, 12:15 p.m. | 53 minutes ago

Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the ‘process_payment_data’ due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the quantity of a product to a negative number, which subtracts the product cost from the total order cost. The attack will only work with Manual Checkout mode, as PayPal and Stripe will not process payments for a negative quantity.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-3890

Published : May 1, 2025, 12:15 p.m. | 53 minutes ago

Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wp_cart_button’ shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM


CVE ID : CVE-2025-4163

Published : May 1, 2025, 12:15 p.m. | 53 minutes ago

Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-4164

Published : May 1, 2025, 12:15 p.m. | 53 minutes ago

Description : A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. The manipulation of the argument currentpassword leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-47154

Published : May 1, 2025, 8:15 a.m. | 2 hours, 59 minutes ago

Description : LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says “Ladybird is in a pre-alpha state, and only suitable for use by developers.”

Severity: 9.0 | CRITICAL


CVE ID : CVE-2025-4155

Published : May 1, 2025, 8:15 a.m. | 3 hours, 38 minutes ago

Description : A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/edit-boat.php. The manipulation of the argument bid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-4156

Published : May 1, 2025, 8:15 a.m. | 3 hours, 38 minutes ago

Description : A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-image.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-4157

Published : May 1, 2025, 9:15 a.m. | 2 hours, 38 minutes ago

Description : A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-details.php. The manipulation of the argument Status leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-4158

Published : May 1, 2025, 9:15 a.m. | 2 hours, 38 minutes ago

Description : A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been classified as critical. Affected is an unknown function of the component PROMPT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-4159

Published : May 1, 2025, 10:15 a.m. | 1 hour, 38 minutes ago

Description : A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component GLOB Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-4160

Published : May 1, 2025, 10:15 a.m. | 1 hour, 38 minutes ago

Description : A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-27007

Published : May 1, 2025, 11:15 a.m. | 37 minutes ago

Description : Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation. This issue affects SureTriggers: from n/a through 1.0.82.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-4161

Published : May 1, 2025, 11:15 a.m. | 37 minutes ago

Description : A vulnerability classified as critical has been found in PCMan FTP Server up to 2.0.7. This affects an unknown part of the component VERBOSE Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH
