Samsung MagicINFO 9 Server RCE flaw now exploited in attacks
Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware.
Samsung MagicINFO Server is a centralized co …
Read more
Published Date:
May 06, 2025 (6 hours, 49 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-7399
Apache Parquet exploit tool detect servers vulnerable to critical flaw
A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers.
The tool was released b …
Read more
Published Date:
May 06, 2025 (5 hours, 44 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-30065
‘Easily Exploitable’ Langflow Vulnerability Requires Immediate Patching
Source: Alexey Kotelnikov via Alamy Stock PhotoNEWS BRIEFA critical flaw found in the open source Langflow platform was added to the US Cybersecurity and Infrastructure Security Agency’s (CISA’s) Know …
Read more
Published Date:
May 06, 2025 (3 hours, 33 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31324
CVE-2025-3248
Researcher Says Patched Commvault Bug Still Exploitable
Source: T.Schneider via ShutterstockCertain versions of Commvault Command Center remain open to attack via a recently disclosed maximum severity vulnerability, even in supposedly patched builds of the …
Read more
Published Date:
May 06, 2025 (2 hours, 35 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-34028
CVE ID : CVE-2024-12225
Published : May 6, 2025, 8:15 p.m. | 2 hours ago
Description : A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user’s user name.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47256
Published : May 6, 2025, 8:15 p.m. | 3 hours, 42 minutes ago
Description : Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47417
Published : May 6, 2025, 8:15 p.m. | 3 hours, 42 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.
When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done.
This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0649
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : Incorrect JSON input stringification in Google’s Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-44073
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-44899
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46572
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user in the Auth0 tenant during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46573
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47418
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.
There is no visible indication when the system is recording and recording can be enabled remotely via a network API.
This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Building serverless AI agents has recently become a lot simpler. With the Langbase Docs MCP server, you can instantly connect…
CVE ID : CVE-2025-47419
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.
The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords.
This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0853
Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago
Description : The PGS Core plugin for WordPress is vulnerable to SQL Injection via the ‘event’ parameter in the ‘save_header_builder’ function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47420
Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago
Description : 266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4372
Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago
Description : Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0855
Published : May 6, 2025, 11:15 p.m. | 42 minutes ago
Description : The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the ‘import_header’ function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
The landscape of Artificial Intelligence is rapidly evolving, and one of the most exciting trends is the ability to run…