CVE ID : CVE-2025-43915
Published : May 5, 2025, 5:18 p.m. | 1 hour, 33 minutes ago
Description : In Buoyant Edge releases before edge-25.2.1 and Enterprise for Linkerd releases 2.16.* before 2.16.5, 2.17.* before 2.17.2, and 2.18.* before 2.18.0, resource exhaustion can occur for Linkerd proxy metrics.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45240
Published : May 5, 2025, 5:18 p.m. | 1 hour, 33 minutes ago
Description : foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45242
Published : May 5, 2025, 5:18 p.m. | 1 hour, 33 minutes ago
Description : Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43847
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to the extract_small_model function in process_ckpt.py, which uses it to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43845
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to change_info_ function, which opens and reads the file on the given path (except it changes the final on the path to train.log), and passes the contents of the file to eval, which can lead to remote code execution. As of time of publication, no known patches exist.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43846
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path1 variable takes user input (e.g. a path to a model) and passes it to the show_info function in process_ckpt.py, which uses it to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43848
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path0 variable takes user input (e.g. a path to a model) and passes it to the change_info function in process_ckpt.py, which uses it to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43844
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables exp_dir1, among others, take user input and pass it to the click_train function, which concatenates them into a command that is run on the server. This can lead to arbitrary command execution. As of time of publication, no known patches exist.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45236
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45237
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45238
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45239
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4050
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4051
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4052
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4096
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4282
Published : May 5, 2025, 6:15 p.m. | 36 minutes ago
Description : A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
MediaTek Patches Multiple Vulnerabilities Affecting Tablets, Smartphones & TV Chipsets
MediaTek has released critical security patches addressing six significant vulnerabilities affecting a wide range of devices powered by their chipsets.
The vulnerabilities, disclosed in the company’s …
Read more
Published Date:
May 05, 2025 (1 hour, 55 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-20671
CVE-2025-20670
CVE-2025-20668
CVE-2025-20667
CVE-2025-20666
CVE-2025-20665
CVE ID : CVE-2025-2545
Published : May 5, 2025, 12:15 p.m. | 3 hours, 18 minutes ago
Description : Vulnerability in Best Practical Solutions, LLC’s Request Tracker v5.0.7, where the Triple DES (3DES) cryptographic algorithm is used within SMIME code to encrypt S/MIME emails. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-28168
Published : May 5, 2025, 2:15 p.m. | 1 hour, 18 minutes ago
Description : Outsystems Multiple File Upload
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…