Development

APT41/RedGolf Infrastructure Briefly Exposed: Fortinet Zero-Days Targeted Shiseido

In a rare window into the operations of an advanced persistent threat, a KeyPlug-linked infrastructure briefly went live, exposing tools and scripts tied to APT41/RedGolf operations. The server, activ …
Read more

Published Date:
Apr 21, 2025 (1 hour, 24 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-24797

CVE-2025-31103

CVE-2025-0108

CVE-2024-23109

CVE-2024-23108

CVE-2025-42599: Critical Buffer Overflow in Active! mail Exploited in the Wild

A severe security vulnerability has been identified in Active! mail, a product of QUALITIA CO., LTD., posing a significant risk to affected systems. The Japan Computer Emergency Response Team (JPCERT) …
Read more

Published Date:
Apr 21, 2025 (1 hour, 19 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-42599

Larva-24005: Kimsuky’s Global Cyber Espionage Campaign Exploits RDP and Office Flaws

A new cybersecurity report from the AhnLab Security intelligence Center (ASEC) has shed light on a recently identified operation linked to the notorious Kimsuky group. Dubbed “Larva-24005,” this campa …
Read more

Published Date:
Apr 21, 2025 (1 hour, 15 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-42599

CVE-2019-0708

CVE-2017-11882

CVE-2025-2492: Critical ASUS Router Vulnerability Requires Immediate Firmware Update

ASUS has released a firmware update addressing a critical-severity vulnerability—CVE-2025-2492—with a CVSSv4 score of 9.2. The flaw impacts several ASUS router firmware series with AiCloud enabled and …
Read more

Published Date:
Apr 21, 2025 (1 hour, 6 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-2492

CVE-2024-13062

CVE-2024-12912

Yokogawa Recorders Vulnerable to Attack Due to Insecure Default Settings

Yokogawa Electric Corporation has issued a security advisory warning of a critical vulnerability affecting several of its industrial recorder products. Tracked as CVE-2025-1863, this flaw allows unaut …
Read more

Published Date:
Apr 21, 2025 (1 hour, 5 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-2492

CVE-2025-1863

Critical PyTorch Vulnerability CVE-2025-32434 Allows Remote Code Execution

A critical vulnerability has been unearthed in PyTorch, one of the most beloved deep learning frameworks out there. Security researcher Ji’an Zhou has identified a critical Remote Command Execution (R …
Read more

Published Date:
Apr 21, 2025 (51 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32434

CVE-2024-5480

CVE-2024-5452

CVE-2023-43654

Cellebrite Android Zero-Day Exploit PoC Released: CVE-2024-53104

A security researcher published a proof-of-concept exploit code for an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to i …
Read more

Published Date:
Apr 21, 2025 (49 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32434

CVE-2024-53197

CVE-2024-53104

CVE-2024-50302

CVE ID : CVE-2025-39588

Published : April 17, 2025, 4:15 p.m. | 3 days, 10 hours ago

Description : Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39595

Published : April 17, 2025, 4:15 p.m. | 3 days, 10 hours ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43929

Published : April 20, 2025, 3:15 a.m. | 23 hours ago

Description : open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2020-36844

Published : April 20, 2025, 10:15 p.m. | 4 hours ago

Description : The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2020-36845

Published : April 20, 2025, 10:15 p.m. | 4 hours ago

Description : The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43961

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43962

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43964

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43966

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43967

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43963

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43971

Published : April 21, 2025, 1:15 a.m. | 1 hour ago

Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43970

Published : April 21, 2025, 1:15 a.m. | 1 hour ago

Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g.. by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…