Development

CVE ID : CVE-2025-3528

Published : May 9, 2025, 12:15 p.m. | 3 hours, 28 minutes ago

Description : A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1087

Published : May 9, 2025, 12:15 p.m. | 3 hours, 23 minutes ago

Description : Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3897

Published : May 9, 2025, 12:15 p.m. | 3 hours, 23 minutes ago

Description : The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the ‘file_get_contents’ function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. The vulnerability can only be exploited if a caching plugin such as W3 Total Cache is installed and activated.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4206

Published : May 9, 2025, 12:15 p.m. | 3 hours, 23 minutes ago

Description : The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ‘process_export_delete’ and ‘process_import_delete’ functions in all versions up to, and including, 4.1.1.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4382

Published : May 9, 2025, 12:15 p.m. | 3 hours, 23 minutes ago

Description : A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-11861

Published : May 9, 2025, 2:15 p.m. | 1 hour, 23 minutes ago

Description : EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-12442

Published : May 9, 2025, 2:15 p.m. | 1 hour, 23 minutes ago

Description : EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45885

Published : May 9, 2025, 2:15 p.m. | 1 hour, 23 minutes ago

Description : PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter ’emailcont’ and use it directly in SQL queries.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45887

Published : May 9, 2025, 3:15 p.m. | 22 minutes ago

Description : Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In a previous article, I gave a brief introduction to React. This tutorial introduces an alternative approach to building a…

Generative AI is revolutionizing how we create, learn, and interact with digital content. From intelligent chatbots and personalized language tutors…

Arrow functions were introduced in PHP 7.4 to allow devs to write short, anonymous functions. They offer a compact alternative…

Preparing for an iOS developer interview can be a daunting task, especially when you’re trying to master both conceptual questions…

On this week’s episode of the podcast, freeCodeCamp founder Quincy Larson interviews Sam Crombie. He’s a software engineer and prolific…

Chris Pelkey was shot and killed in a road rage incident. At his killer’s sentencing, he forgave the man via…

In a bold move to tackle one of streaming’s biggest frustrations, endless scrolling, Netflix just unveiled a major redesign of…

Chinese tech powerhouse Baidu has filed a patent for a system that could use AI to decode animal sounds and…

ChatGPT, the popular AI chatbot from OpenAI, is unintentionally leading users into full-blown spiritual delusions, and families are sounding the…

At PHPGurukul, we realize that the journey of learning PHP to mastering PHP requires more than theoretical knowledge. It requires…

Can a PIM Make Your Data AI-Ready? Yes, a PIM can help get your data ready for AI—but only if…