Development

CVE ID : CVE-2025-3816

Published : April 19, 2025, 6:15 p.m. | 20 hours, 34 minutes ago

Description : A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3822

Published : April 20, 2025, 7:15 a.m. | 7 hours, 34 minutes ago

Description : A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password/txtnew_password/txtold_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3823

Published : April 20, 2025, 11:15 a.m. | 3 hours, 33 minutes ago

Description : A vulnerability classified as problematic has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file add-stock.php. The manipulation of the argument txttotalcost/txtproductID/txtprice/txtexpirydate leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3824

Published : April 20, 2025, 11:15 a.m. | 3 hours, 33 minutes ago

Description : A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproduct_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3825

Published : April 20, 2025, 12:15 p.m. | 2 hours, 34 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument txtcategory_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3826

Published : April 20, 2025, 1:15 p.m. | 1 hour, 33 minutes ago

Description : A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_name/txtaddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

It starts with a single tear. Not the kind you wipe away quietly during a movie. Not even the kind…

A simple package that validates EU VAT numbers against the central ec.europa.eu database Source: Read More 

The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that’s targeting diplomatic entities…

Introduction In today’s digital world, security is paramount, especially when dealing with sensitive data like user authentication and financial transactions.…

FastAPI-MCP is a zero-configuration tool that seamlessly exposes FastAPI endpoints as Model Context Protocol (MCP) tools. It allows you to…

Rethinking the Problem of Collaboration in Language Models Large language models (LLMs) have demonstrated remarkable capabilities in single-agent tasks such…

package uytr;
import java.awt.Point;
import org.openqa.selenium.By;
import org.openqa.selenium.Keys;
//import org.openqa.selenium.By;
//import org.openqa.selenium.Keys;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.support.ui.Select;
public class Abi {
public static void main(String[] args) {
//System.setProperty(“webdriver.chrome.driver”, “C:UsersdhanaDownloadschromedriver-win64chromedriver-win64.exe”);
WebDriver driver=new ChromeDriver();
driver.get(“https://www.leafground.com/select.xhtml;jsessionid=node01o9qlws6megijfidmkoq8n2j0425439.node0”);
//driver.findElement(By.linkText(“Go to Dashboard”)).click();
WebElement sukanya= driver.findElement(By.className(“ui-selectonemenu”));
Select veera=new Select(sukanya);
String a=(String)veera.selectByVisibleText(“Playwright”);
System.out.println(a);
}

}

Apple Zero-Days Under ‘Sophisticated Attack,’ but Details Lacking

dpa picture alliance / AlamyTwo Apple zero-day vulnerabilities were exploited in “extremely sophisticated attacks,” according to the technology giant, but it has provided little detail on the threats. …
Read more

Published Date:
Apr 18, 2025 (1 day, 17 hours ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-31201

CVE-2025-31200

CISA adds Microsoft and Apple vulnerabilities to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation in the w …
Read more

Published Date:
Apr 18, 2025 (1 day, 16 hours ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-31201

CVE-2025-31200

CVE-2025-3608

CVE-2025-24054

Chinese hackers target Russian govt with upgraded RAT malware

Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware.
Security researchers at Kaspersky’s Glob …
Read more

Published Date:
Apr 18, 2025 (1 day, 16 hours ago)

Vulnerabilities has been mentioned in this article.

CVE-2021-40449

CVE-2017-11882

SonicWall SMA VPN devices targeted in attacks since January

A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arcti …
Read more

Published Date:
Apr 18, 2025 (1 day, 15 hours ago)

Vulnerabilities has been mentioned in this article.

CVE-2021-20035

CVE ID : CVE-2025-39587

Published : April 17, 2025, 4:15 p.m. | 2 days, 13 hours ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Stylemix Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.65.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3801

Published : April 19, 2025, 2:15 p.m. | 14 hours, 38 minutes ago

Description : A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3804

Published : April 19, 2025, 4:15 p.m. | 12 hours, 38 minutes ago

Description : A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…