CVE ID : CVE-2025-39363
Published : May 5, 2025, 6:15 a.m. | 1 hour, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Stored XSS.This issue affects Custom Login and Registration: from n/a through 1.0.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3583
Published : May 5, 2025, 6:15 a.m. | 1 hour, 20 minutes ago
Description : The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4266
Published : May 5, 2025, 6:15 a.m. | 1 hour, 20 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-reports-details.php?vid=2. The manipulation of the argument fromdate/tomdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4267
Published : May 5, 2025, 6:15 a.m. | 1 hour, 20 minutes ago
Description : A vulnerability, which was classified as critical, was found in SourceCodester/oretnom23 Stock Management System 1.0. This affects an unknown part of the file /admin/?page=purchase_order/view_po of the component Purchase Order Details Page. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4268
Published : May 5, 2025, 7:15 a.m. | 20 minutes ago
Description : A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4269
Published : May 5, 2025, 7:15 a.m. | 20 minutes ago
Description : A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with the input clearDiagnosisLog/clearSyslog/clearTracerouteLog leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Iranian APT Group Breaches Middle Eastern Critical Infrastructure in Stealth Campaign
Recently, the FortiGuard Incident Response (FGIR) team has released an in-depth analysis detailing a prolonged, state-sponsored intrusion into critical infrastructure (CNI) in the Middle East. The rep …
Read more
Published Date:
May 05, 2025 (1 hour, 52 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-3393
SocGholish Reloaded: Darktrace Uncovers Ransomware-Primed Loader Campaign
In a recent report, Darktrace’s Threat Research team has detailed a sophisticated malware campaign involving the SocGholish loader—a JavaScript-based first-stage malware now weaponized by ransomware a …
Read more
Published Date:
May 05, 2025 (1 hour, 45 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31191
CVE-2023-48788
CVE-2025-31191: Microsoft Exposes macOS Vulnerability Allowing App Sandbox Escape
Microsoft Threat Intelligence has disclosed a significant vulnerability in macOS that could allow attackers to bypass the App Sandbox and execute unauthorized code on affected systems. The vulnerabili …
Read more
Published Date:
May 05, 2025 (1 hour, 42 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31191
CVE-2024-54527
SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475
Image: watchTowr
A newly exploit chain targeting SonicWall’s Secure Mobile Access (SMA) appliances has been released. Published by watchTowr Labs, the technical disclosure outlines how two distinct vu …
Read more
Published Date:
May 05, 2025 (1 hour, 28 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-40766
CVE-2024-38475
CVE-2023-44221
Bridewell Uncovers ‘Operation Deceptive Prospect’ Targeting UK Organizations via Feedback Portals
Cyber threat actor RomCom—also tracked as Storm-0978, Tropical Scorpius, UNC2596, Void Rabisu, and UAC-0180—has launched a new cyber espionage campaign targeting UK-based retail, hospitality, and crit …
Read more
Published Date:
May 05, 2025 (1 hour, 15 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-46337
CVE-2024-49039
CVE-2024-9680
CVE-2023-36884
Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0)
A critical security flaw has been disclosed in ADOdb, the widely-used PHP database abstraction library with over 2.8 million installations worldwide. Tracked as CVE-2025-46337, the vulnerability resid …
Read more
Published Date:
May 05, 2025 (1 hour, 12 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-46337
CVE-2025-46762: Apache Parquet Java Flaw Allows Potential RCE via Avro Schema
A critical security flaw has been identified in Apache Parquet Java, a popular open-source columnar storage format widely used in data-intensive applications and analytics pipelines. Tracked as CVE-20 …
Read more
Published Date:
May 05, 2025 (1 hour, 7 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE ID : CVE-2025-4254
Published : May 5, 2025, 12:15 a.m. | 3 hours, 18 minutes ago
Description : A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LIST Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4255
Published : May 5, 2025, 12:15 a.m. | 3 hours, 18 minutes ago
Description : A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RMD Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4256
Published : May 5, 2025, 1:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4257
Published : May 5, 2025, 1:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4258
Published : May 5, 2025, 2:15 a.m. | 1 hour, 17 minutes ago
Description : A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file youkefu-mastersrcmainjavacomukefuwebimwebhandlerresourceMediaController.java. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4273
Published : May 5, 2025, 2:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-20665
Published : May 5, 2025, 3:15 a.m. | 17 minutes ago
Description : In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…