
US cyber agency warns of exploitation of critical Commvault flaw

The US cyber agency CISA warns of active exploitation of a critical vulnerability in Commvault's backup software, through which unauthenticated attackers can … vulnerable servers via …

Published Date:
May 06, 2025 (3 hours, 24 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-34028

Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)

An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being leveraged by attackers.
Exploit a …

Published Date:
May 06, 2025 (1 hour, 56 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-7399

CISA Warns of Langflow Missing Authentication Vulnerability Exploited in Attacks

CISA has added a critical Langflow vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, identified as CVE-2025-324 …

Published Date:
May 06, 2025 (1 hour, 29 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-3248

US reports active exploitation of security flaw in AI software Langflow

Attackers are actively exploiting a critical vulnerability in Langflow, open-source software for developing and deploying ‘AI-powered agents’. Langflow is a Python-based web appli …

Published Date:
May 06, 2025 (1 hour, 28 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-3248

CVE ID : CVE-2025-2011

Published : May 6, 2025, 10:15 a.m. | 1 hour, 37 minutes ago

Description : The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s’ parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-3782

Published : May 6, 2025, 10:15 a.m. | 1 hour, 37 minutes ago

Description : The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM


CVE ID : CVE-2025-46762

Published : May 6, 2025, 10:15 a.m. | 1 hour, 37 minutes ago

Description : Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code.

While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be executed.

The exploit is only applicable if the client code of parquet-avro uses the “specific” or the “reflect” models deliberately for reading Parquet files. (“generic” model is not impacted)

Users are recommended to upgrade to 1.15.2 or set the system property “org.apache.parquet.avro.SERIALIZABLE_PACKAGES” to an empty string on 1.15.1. Both are sufficient to fix the issue.

Severity: 0.0 | NA


CVE ID : CVE-2025-40620

Published : May 6, 2025, 11:15 a.m. | 36 minutes ago

Description : SQL injection in TCMAN’s GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in the ‘User’ parameter of the ‘ValidateUserAndWS’ endpoint.

Severity: 0.0 | NA


CVE ID : CVE-2025-40621

Published : May 6, 2025, 11:15 a.m. | 36 minutes ago

Description : SQL injection in TCMAN’s GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in the ‘User’ parameter of the ‘ValidateUserAndGetData’ endpoint.

Severity: 0.0 | NA


CVE ID : CVE-2025-40622

Published : May 6, 2025, 11:15 a.m. | 36 minutes ago

Description : SQL injection in TCMAN’s GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in the ‘username’ parameter of the ‘GetLastDatePasswordChange’ endpoint.

Severity: 0.0 | NA


CVE ID : CVE-2025-40623

Published : May 6, 2025, 11:15 a.m. | 36 minutes ago

Description : SQL injection in TCMAN’s GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in the ‘Sender’ and ‘email’ parameters of the ‘createNotificationAndroid’ endpoint.

Severity: 0.0 | NA


CVE ID : CVE-2025-4347

Published : May 6, 2025, 11:15 a.m. | 36 minutes ago

Description : A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-40624

Published : May 6, 2025, 11:15 a.m. | 36 minutes ago

Description : SQL injection in TCMAN’s GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in the ‘User’ and ‘email’ parameters of the ‘updatePassword’ endpoint.

Severity: 0.0 | NA


CVE ID : CVE-2025-40625

Published : May 6, 2025, 11:15 a.m. | 36 minutes ago

Description : Unrestricted file upload in TCMAN’s GIM v11. This vulnerability allows an unauthenticated attacker to upload any file to the server, including a malicious file, to obtain Remote Code Execution (RCE).

Severity: 0.0 | NA


CVE ID : CVE-2025-4348

Published : May 6, 2025, 11:15 a.m. | 36 minutes ago

Description : A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH


CVE ID : CVE-2024-49842

Published : May 6, 2025, 9:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

Severity: 7.8 | HIGH


CVE ID : CVE-2024-49841

Published : May 6, 2025, 9:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

Severity: 7.8 | HIGH


CVE ID : CVE-2024-49835

Published : May 6, 2025, 9:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption while reading secure file.

Severity: 7.8 | HIGH


CVE ID : CVE-2024-49846

Published : May 6, 2025, 9:15 a.m. | 1 hour, 44 minutes ago

Description : Memory corruption while decoding of OTA messages from T3448 IE.

Severity: 8.2 | HIGH


CVE ID : CVE-2024-49844

Published : May 6, 2025, 9:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption while triggering commands in the PlayReady Trusted application.

Severity: 7.8 | HIGH
