Development

CVE ID : CVE-2025-4532

Published : May 11, 2025, 6:15 a.m. | 23 minutes ago

Description : A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 7.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4529

Published : May 11, 2025, 4:15 a.m. | 17 minutes ago

Description : A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyonoptSeeyonA8ApacheJetspeedwebappsseeyonWEB-INFlibseeyon-apps-m3.jar!comseeyonappsm3corecontrollerM3CoreController.class of the component ZIP File Handler. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4526

Published : May 11, 2025, 1:15 a.m. | 2 hours, 24 minutes ago

Description : A vulnerability, which was classified as problematic, was found in Dígitro NGC Explorer 3.44.15. This affects an unknown part of the component Configuration Page. The manipulation leads to missing password field masking. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47828

Published : May 11, 2025, 3:15 a.m. | 25 minutes ago

Description : Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4527

Published : May 11, 2025, 3:15 a.m. | 25 minutes ago

Description : A vulnerability has been found in Dígitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4528

Published : May 11, 2025, 3:15 a.m. | 25 minutes ago

Description : A vulnerability was found in Dígitro NGC Explorer up to 3.44.15 and classified as problematic. This issue affects some unknown processing. The manipulation leads to session expiration. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Our 208th episode with a summary and discussion of last week’s big AI news!Recorded on 05/02/2025 Hosted by Andrey Kurenkov…

Routes are your Laravel Application’s entry point, defining how it responds to different URLS and HTTP requests. A route is…

Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login…

Germany’s Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and shutdown linked to the eXch…

Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the…

As autonomous systems increasingly rely on large language models (LLMs) for reasoning, planning, and action execution, a critical bottleneck has…

Language processing in enterprise environments faces critical challenges as business workflows increasingly depend on synthesising information from diverse sources, including…

ByteDance has released DeerFlow, an open-source multi-agent framework designed to enhance complex research workflows by integrating the capabilities of large…

LLMs have made impressive gains in complex reasoning, primarily through innovations in architecture, scale, and training approaches like RL. RL…

Large language models are now central to various applications, from coding to academic tutoring and automated assistants. However, a critical…

Sparse large language models (LLMs) based on the Mixture of Experts (MoE) framework have gained traction for their ability to…

In this tutorial, we walk you through setting up a fully functional bot in Google Colab that leverages Anthropic’s Claude…

CVE ID : CVE-2025-4514

Published : May 10, 2025, 8:15 p.m. | 4 hours, 9 minutes ago

Description : A vulnerability, which was classified as critical, has been found in Zhengzhou Jiuhua Electronic Technology mayicms up to 5.8E. Affected by this issue is some unknown functionality of the file /javascript.php. The manipulation of the argument Value leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4513

Published : May 10, 2025, 8:15 p.m. | 4 hours, 9 minutes ago

Description : A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of the argument return leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…