Development

CVE ID : CVE-2025-4462

Published : May 9, 2025, 5:15 a.m. | 59 minutes ago

Description : A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4461

Published : May 9, 2025, 5:15 a.m. | 1 hour, 25 minutes ago

Description : A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4463

Published : May 9, 2025, 5:15 a.m. | 1 hour, 25 minutes ago

Description : A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_package. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3462

Published : May 9, 2025, 6:15 a.m. | 25 minutes ago

Description : “This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints.” An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software’s features via crafted HTTP requests.
Refer to the ‘Security Update for ASUS DriverHub’ section on the ASUS Security Advisory for more information.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3463

Published : May 9, 2025, 6:15 a.m. | 25 minutes ago

Description : “This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints.” An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.
Refer to the ‘Security Update for ASUS DriverHub’ section on the ASUS Security Advisory for more information.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4375

Published : May 9, 2025, 6:15 a.m. | 25 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present at the whole application but it can be used to change the Pro Cloud Server Configuration password.
This issue affects Pro Cloud Server: earlier than 6.0.165.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4376

Published : May 9, 2025, 6:15 a.m. | 25 minutes ago

Description : Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server’s WebEA model search field allows Cross-Site Scripting (XSS).
This issue affects Pro Cloud Server: earlier than 6.0.165.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4377

Published : May 9, 2025, 6:15 a.m. | 25 minutes ago

Description : Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server.

This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. 

Logview is accessible on Pro Cloud Server Configuration interface.

This issue affects Pro Cloud Server: earlier than 6.0.165.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4465

Published : May 9, 2025, 6:15 a.m. | 25 minutes ago

Description : A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_schedule. The manipulation of the argument member_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4464

Published : May 9, 2025, 6:15 a.m. | 25 minutes ago

Description : A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument plan leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4466

Published : May 9, 2025, 6:15 a.m. | 25 minutes ago

Description : A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=save_payment. The manipulation of the argument registration_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

New Phishing Tactic: Attackers Abuse Blob URIs to Bypass Email Security

A blob URI page spoofing a OneDrive login | Image: Cofense
Cofense Intelligence has detected a new technique used by threat actors to successfully deliver credential phishing pages to users’ inboxes: …
Read more

Published Date:
May 09, 2025 (4 hours, 8 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-3155

Sophisticated IIS Malware Targets South Korean Web Servers

In a targeted and technically advanced cyber operation discovered in February 2025, the AhnLab Security Intelligence Center (ASEC) exposed a sophisticated campaign against South Korean web servers. Th …
Read more

Published Date:
May 09, 2025 (4 hours, 4 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2017-7269

Radware Cloud WAF Vulnerable to Filter Bypass via Crafted Requests

A newly disclosed vulnerability note by CERT/CC reveals two security flaws (CVE-2024-56523, CVE-2024-56524) in the Radware Cloud Web Application Firewall (WAF) that allow attackers to bypass its filte …
Read more

Published Date:
May 09, 2025 (3 hours, 51 minutes ago)

Vulnerabilities has been mentioned in this article.

Cisco SD-WAN Vulnerabilities: PoC Exists for XSS and Filter Bypass

Cisco has issued two separate advisories addressing vulnerabilities in its SD-WAN software suite, warning users of potential exploitation risks involving stored cross-site scripting (XSS) and traffic …
Read more

Published Date:
May 09, 2025 (3 hours, 34 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-20221

CVE-2025-20147

CVE-2023-20252

CVE-2023-20214

CVE-2022-20696

CVE-2025-46337: Critical SQL Injection Vulnerability in ADOdb PHP Library

CVE-2025-46337 is a high-severity SQL injection vulnerability affecting the ADOdb PHP database abstraction library, which is widely used in web applications for managing database queries across multip …
Read more

Published Date:
May 09, 2025 (1 hour, 24 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-46337

CVE-2024-12797

CVE ID : CVE-2025-4442

Published : May 9, 2025, 12:15 a.m. | 3 hours, 23 minutes ago

Description : A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4443

Published : May 9, 2025, 12:15 a.m. | 3 hours, 23 minutes ago

Description : A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4446

Published : May 9, 2025, 12:15 a.m. | 3 hours, 23 minutes ago

Description : A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack needs to be approached within the local network.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4445

Published : May 9, 2025, 12:15 a.m. | 3 hours, 23 minutes ago

Description : A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…