Development

CVE ID : CVE-2025-4357

Published : May 6, 2025, 2:15 p.m. | 1 hour, 19 minutes ago

Description : A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4358

Published : May 6, 2025, 2:15 p.m. | 1 hour, 19 minutes ago

Description : A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument adminname leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-4359

Published : May 6, 2025, 2:15 p.m. | 1 hour, 19 minutes ago

Description : A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_member. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-2898

Published : May 6, 2025, 3:16 p.m. | 19 minutes ago

Description : IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations.

Severity: 7.5 | HIGH

CVE ID : CVE-2025-46814

Published : May 6, 2025, 3:16 p.m. | 19 minutes ago

Description : FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially inject arbitrary IP addresses into the request. This vulnerability can allow attackers to bypass IP-based access controls, mislead logging systems, and impersonate trusted clients. It is especially impactful when the application relies on the X-Forwarded-For header for IP-based authorization or authentication. Users should upgrade to FastAPI Guard version 2.0.0 to receive a fix.

Severity: 3.4 | LOW

CVE ID : CVE-2025-4360

Published : May 6, 2025, 3:16 p.m. | 19 minutes ago

Description : A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. The manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-4361

Published : May 6, 2025, 3:16 p.m. | 19 minutes ago

Description : A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. This affects an unknown part of the file /department.php. The manipulation of the argument departmentname leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-4362

Published : May 6, 2025, 3:16 p.m. | 19 minutes ago

Description : A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_membership. The manipulation of the argument member_id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-4373

Published : May 6, 2025, 3:16 p.m. | 19 minutes ago

Description : A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

Severity: 4.8 | MEDIUM

CVE ID : CVE-2025-4374

Published : May 6, 2025, 3:16 p.m. | 19 minutes ago

Description : A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn’t been mirrored yet, they are granted “Admin” permissions on the newly created repository.

Severity: 6.5 | MEDIUM

The blog discusses Tx-DevSecOps, Txs’ innovative accelerator designed to embed security seamlessly within DevOps processes. It bridges the gap between speed and security in modern DevOps environments. It also offers automated testing and compliance-ready pipelines, enabling teams to release secure, high-quality software quickly and confidently.
The post Tx-DevSecOps – Bridging the Gap Between Security and Speed in DevOps first appeared on TestingXperts.

Apache Parquet Java Vulnerability CVE-2025-46762 Exposes Systems to Remote Code Execution Attacks

A vulnerability has been identified in Apache Parquet Java, which could leave systems exposed to remote code execution (RCE) attacks. Apache Parquet contributor Gang Wu discovered this flaw, tracked …

Published Date:
May 05, 2025 (1 day ago)

Vulnerabilities have been mentioned in this article.

UDP Vulnerability in Windows Deployment Services Allows 0-Click System Crashes

A newly discovered vulnerability in Microsoft’s Windows Deployment Services (WDS) allows attackers to remotely crash servers with zero user interaction or authentication.
The flaw, which targets the U …

Published Date:
May 06, 2025 (4 hours, 39 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2019-0603

OpenAI to Retain Non-Profit Structure, Focus on Societal Impact

OpenAI recently announced that it will retain permanent control under its original non-profit structure, while transitioning its subsidiary limited liability company (LLC) into a Public Benefit Corpor …

Published Date:
May 06, 2025 (3 hours, 44 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-27007

CVE-2022-26730