Development

CVE ID : CVE-2025-39363

Published : May 5, 2025, 6:15 a.m. | 1 hour, 20 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Stored XSS.This issue affects Custom Login and Registration: from n/a through 1.0.0.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3583

Published : May 5, 2025, 6:15 a.m. | 1 hour, 20 minutes ago

Description : The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4266

Published : May 5, 2025, 6:15 a.m. | 1 hour, 20 minutes ago

Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-reports-details.php?vid=2. The manipulation of the argument fromdate/tomdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4267

Published : May 5, 2025, 6:15 a.m. | 1 hour, 20 minutes ago

Description : A vulnerability, which was classified as critical, was found in SourceCodester/oretnom23 Stock Management System 1.0. This affects an unknown part of the file /admin/?page=purchase_order/view_po of the component Purchase Order Details Page. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4268

Published : May 5, 2025, 7:15 a.m. | 20 minutes ago

Description : A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4269

Published : May 5, 2025, 7:15 a.m. | 20 minutes ago

Description : A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with the input clearDiagnosisLog/clearSyslog/clearTracerouteLog leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Iranian APT Group Breaches Middle Eastern Critical Infrastructure in Stealth Campaign

Recently, the FortiGuard Incident Response (FGIR) team has released an in-depth analysis detailing a prolonged, state-sponsored intrusion into critical infrastructure (CNI) in the Middle East. The rep …
Read more

Published Date:
May 05, 2025 (1 hour, 52 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-3393

SocGholish Reloaded: Darktrace Uncovers Ransomware-Primed Loader Campaign

In a recent report, Darktrace’s Threat Research team has detailed a sophisticated malware campaign involving the SocGholish loader—a JavaScript-based first-stage malware now weaponized by ransomware a …
Read more

Published Date:
May 05, 2025 (1 hour, 45 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-31191

CVE-2023-48788

CVE-2025-31191: Microsoft Exposes macOS Vulnerability Allowing App Sandbox Escape

Microsoft Threat Intelligence has disclosed a significant vulnerability in macOS that could allow attackers to bypass the App Sandbox and execute unauthorized code on affected systems. The vulnerabili …
Read more

Published Date:
May 05, 2025 (1 hour, 42 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-31191

CVE-2024-54527

SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475

Image: watchTowr
A newly exploit chain targeting SonicWall’s Secure Mobile Access (SMA) appliances has been released. Published by watchTowr Labs, the technical disclosure outlines how two distinct vu …
Read more

Published Date:
May 05, 2025 (1 hour, 28 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-40766

CVE-2024-38475

CVE-2023-44221

Bridewell Uncovers ‘Operation Deceptive Prospect’ Targeting UK Organizations via Feedback Portals

Cyber threat actor RomCom—also tracked as Storm-0978, Tropical Scorpius, UNC2596, Void Rabisu, and UAC-0180—has launched a new cyber espionage campaign targeting UK-based retail, hospitality, and crit …
Read more

Published Date:
May 05, 2025 (1 hour, 15 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-46337

CVE-2024-49039

CVE-2024-9680

CVE-2023-36884

Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0)

A critical security flaw has been disclosed in ADOdb, the widely-used PHP database abstraction library with over 2.8 million installations worldwide. Tracked as CVE-2025-46337, the vulnerability resid …
Read more

Published Date:
May 05, 2025 (1 hour, 12 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-46337

CVE-2025-46762: Apache Parquet Java Flaw Allows Potential RCE via Avro Schema

A critical security flaw has been identified in Apache Parquet Java, a popular open-source columnar storage format widely used in data-intensive applications and analytics pipelines. Tracked as CVE-20 …
Read more

Published Date:
May 05, 2025 (1 hour, 7 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE ID : CVE-2025-4254

Published : May 5, 2025, 12:15 a.m. | 3 hours, 18 minutes ago

Description : A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LIST Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4255

Published : May 5, 2025, 12:15 a.m. | 3 hours, 18 minutes ago

Description : A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RMD Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4256

Published : May 5, 2025, 1:15 a.m. | 2 hours, 17 minutes ago

Description : A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4257

Published : May 5, 2025, 1:15 a.m. | 2 hours, 17 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4258

Published : May 5, 2025, 2:15 a.m. | 1 hour, 17 minutes ago

Description : A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file youkefu-mastersrcmainjavacomukefuwebimwebhandlerresourceMediaController.java. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4273

Published : May 5, 2025, 2:15 a.m. | 1 hour, 17 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-20665

Published : May 5, 2025, 3:15 a.m. | 17 minutes ago

Description : In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…