Development

CVE ID : CVE-2025-48946

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implicit rejection value. Currently, no concrete attack on the algorithm is known. However, prospective users of HQC must take extra care when using the algorithm in protocols involving key derivation. In particular, HQC does not provide the same security guarantees as Kyber or ML-KEM. There is currently no patch for the HQC flaw available in liboqs, so HQC is disabled by default in liboqs starting from version 0.13.0. OQS will update its implementation after the HQC team releases an updated algorithm specification.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48948

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue.

Severity: 0.0 | NA


CVE ID : CVE-2025-48870

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47057. Reason: This candidate is a duplicate of CVE-2024-47057. Notes: All CVE users should reference CVE-2024-47057 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA


CVE ID : CVE-2025-48949

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information. Version 0.56.0 contains a patch for the issue.

Severity: 0.0 | NA


CVE ID : CVE-2025-5360

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. The affected code is in the file /book-appointment.php: manipulation of the argument doctor leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-5361

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. The affected code is in the file /contact.php: manipulation of the argument fullname leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-5362

Published : May 30, 2025, 9:15 p.m. | 25 minutes ago

Description : A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. The affected code is in the file /admin/doctor-specilization.php: manipulation of the argument doctorspecilization leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-5363

Published : May 30, 2025, 9:15 p.m. | 25 minutes ago

Description : A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. The affected code is in the file /doctor/index.php: manipulation of the argument Username leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

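The Navidrome entry (CVE-2025-48949, the `role` parameter on `/api/artist`) and the four Campcodes entries above are the same bug class: a request parameter spliced into SQL text. The block below is an added example, not code from Navidrome, Campcodes or any other project. It builds a constructed SQLite schema and shows the two injection shapes the advisories describe side by side with their bound-parameter fixes: a filter parameter turned into a UNION that reads another table, and a login field that comments out the password clause. Table names, rows, the hash string and the `ALLOWED_ROLES` set are constructed for the demonstration.

```python
"""Added example (not code from Navidrome, Campcodes or any other project):
the two SQL injection shapes described in the CVE entries above, shown
against a constructed SQLite schema. The `role` filter stands in for the
/api/artist parameter in the Navidrome entry; the username lookup stands in
for the login handler in the Campcodes /doctor/index.php entry."""
import sqlite3

# Roles an artist record can legitimately carry: a constructed allow-list.
ALLOWED_ROLES = {"artist", "albumartist"}


def setup() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE artist (id INTEGER PRIMARY KEY, name TEXT, role TEXT);
        INSERT INTO artist VALUES (1, 'Band A', 'artist'), (2, 'Band B', 'albumartist');
        CREATE TABLE account (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO account VALUES (1, 'admin', 'constructed-hash');
        """
    )
    return con


def artists_by_role_vulnerable(con, role):
    """Vulnerable: the caller-controlled value is spliced into the SQL text,
    so a quote inside `role` closes the literal and the rest is parsed as SQL."""
    sql = f"SELECT name FROM artist WHERE role = '{role}'"
    return [row[0] for row in con.execute(sql)]


def artists_by_role(con, role):
    """Hardened: reject values outside the known set, then bind the value as a
    parameter so the driver never treats it as SQL syntax."""
    if role not in ALLOWED_ROLES:
        raise ValueError(f"unsupported role: {role!r}")
    return [row[0] for row in con.execute(
        "SELECT name FROM artist WHERE role = ?", (role,))]


def login_vulnerable(con, username, password_hash):
    """Vulnerable: a username of "admin' --" comments out the password clause."""
    sql = (f"SELECT id FROM account WHERE username = '{username}' "
           f"AND password_hash = '{password_hash}'")
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login(con, username, password_hash):
    """Hardened: both values are bound; the comment sequence is just string data."""
    row = con.execute(
        "SELECT id FROM account WHERE username = ? AND password_hash = ?",
        (username, password_hash)).fetchone()
    return row[0] if row else None


# Constructed payloads: one reads another table through UNION, the other
# bypasses the password check by commenting out the rest of the statement.
UNION_PAYLOAD = "x' UNION SELECT username || ':' || password_hash FROM account --"
COMMENT_PAYLOAD = "admin' --"


def demo():
    """Run both payloads against the vulnerable and hardened functions."""
    con = setup()
    result = {
        "leaked_via_union": artists_by_role_vulnerable(con, UNION_PAYLOAD),
        "login_bypassed": login_vulnerable(con, COMMENT_PAYLOAD, "wrong") == 1,
        "bound_login_bypassed": login(con, COMMENT_PAYLOAD, "wrong") is not None,
        "bound_query_ok": artists_by_role(con, "artist"),
    }
    try:
        artists_by_role(con, UNION_PAYLOAD)
        result["union_rejected"] = False
    except ValueError:
        result["union_rejected"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The allow-list on `role` is the second layer: binding alone already defeats the injection, but an enumerated parameter has no business accepting free text, and rejecting it early gives a log line to alert on. The same two layers apply to the PHP handlers in the Campcodes entries (prepared statements plus input validation), regardless of database driver.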

The Good, the Bad and the Ugly in Cybersecurity – Week 22

The Good | Robbinhood Ransomware Operator Pleads Guilty & Cyber Scam Firm Sanctioned
U.S. authorities have taken actions against Robbinhood ransomware and Funnull Technology, two high-impact cybercrim …

Published Date:
May 30, 2025 (4 hours, 51 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-57728

CVE-2024-57727

CVE-2024-57726

Critical Icinga 2 Vulnerability Allows Attackers to Bypass Validation and Obtain Certificates

A critical security vulnerability discovered in Icinga 2 monitoring systems enables attackers to bypass certificate validation and obtain legitimate certificates for impersonating trusted network node …

Published Date:
May 30, 2025 (4 hours ago)

Vulnerabilities mentioned in this article:

CVE-2025-48057

Vulnerabilities in applications preloaded on Ulefone and Krüger&Matz smartphones

CVE ID: CVE-2024-13915
Publication date: 30 May 2025
Vendor: Ulefone and Krüger&Matz
Product: com.pri.factorytest
Vulnerable versions: All through 1.0
Vulnerability type (CWE): Improper Export of Android Ap …

Published Date:
May 30, 2025 (2 hours, 52 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-13917

CVE-2024-13916

CVE-2024-13915

May 2025 Patch Tuesday: Five Zero-Days and Five Critical Vulnerabilities Among 72 CVEs

Microsoft has addressed 72 vulnerabilities in its May 2025 security update release. This month’s patches include fixes for five actively exploited zero-day vulnerabilities, including a zero-day vulner …

Published Date:
May 30, 2025 (1 hour, 14 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32709

CVE-2025-32706

CVE-2025-32701

CVE-2025-30400

CVE-2025-30397

CVE-2025-30386

CVE-2025-30377

CVE-2025-29967

CVE-2025-29966

CVE-2025-29833

CVE ID : CVE-2025-4433

Published : May 30, 2025, 1:15 p.m. | 3 hours, 44 minutes ago

Description : Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both “User Management” and “User Group Management” permissions to perform privilege escalation by adding users to groups with administrative privileges.

Severity: 8.8 | HIGH

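The Devolutions Server entry above describes a delegated administrator who holds only "User Management" and "User Group Management" and escalates by adding an account, including their own, to a group that carries administrative permissions. The missing check is privilege containment: membership management must not hand out permissions the actor does not hold. The block below is an added example modelling that check generically; it is not Devolutions' code or data model, and the permission names, groups and users are constructed for the demonstration.

```python
"""Added example (not Devolutions' code or data model): the privilege
escalation shape in the Devolutions Server entry above, modelled generically.
The hardened check adds containment: a non-administrator may only add members
to groups whose permissions are a subset of their own. Permission names,
groups and users are constructed for the demonstration."""
from dataclasses import dataclass, field

ADMIN = "Administrator"
USER_MGMT = "User Management"
GROUP_MGMT = "User Group Management"


@dataclass
class Group:
    name: str
    permissions: frozenset  # granted to every member


@dataclass
class User:
    name: str
    direct_permissions: frozenset
    groups: set = field(default_factory=set)  # names of groups the user is in


class PermissionDenied(Exception):
    pass


def effective_permissions(user, groups):
    """Direct permissions plus everything inherited from group membership."""
    perms = set(user.direct_permissions)
    for name in user.groups:
        perms |= groups[name].permissions
    return frozenset(perms)


def may_manage_groups(perms):
    """Entitlement check shared by both variants below."""
    return ADMIN in perms or {USER_MGMT, GROUP_MGMT} <= perms


def add_to_group_vulnerable(actor, target, group, groups):
    """Checks only that the actor may manage membership; never compares the
    group's permissions with the actor's own, so any group is reachable."""
    if not may_manage_groups(effective_permissions(actor, groups)):
        raise PermissionDenied("actor may not manage group membership")
    target.groups.add(group.name)


def add_to_group(actor, target, group, groups):
    """Hardened: same entitlement check, then containment. A non-administrator
    cannot grant, through membership, a permission they do not hold."""
    perms = effective_permissions(actor, groups)
    if not may_manage_groups(perms):
        raise PermissionDenied("actor may not manage group membership")
    if ADMIN not in perms and not group.permissions <= perms:
        missing = sorted(group.permissions - perms)
        raise PermissionDenied(f"{actor.name} cannot grant {missing}")
    target.groups.add(group.name)


def demo():
    """Replay the escalation against both variants and one legitimate grant."""
    groups = {
        "Administrators": Group("Administrators", frozenset({ADMIN})),
        "Helpdesk": Group("Helpdesk", frozenset({USER_MGMT})),
    }

    def operator():  # a delegated admin holding the two permissions from the advisory
        return User("operator", frozenset({USER_MGMT, GROUP_MGMT}))

    result = {}

    # Vulnerable path: the operator adds themself to Administrators.
    op = operator()
    add_to_group_vulnerable(op, op, groups["Administrators"], groups)
    result["vulnerable_escalated"] = ADMIN in effective_permissions(op, groups)

    # Hardened path: the same request is refused and nothing changes.
    op = operator()
    try:
        add_to_group(op, op, groups["Administrators"], groups)
        result["hardened_blocked"] = False
    except PermissionDenied:
        result["hardened_blocked"] = True
    result["hardened_escalated"] = ADMIN in effective_permissions(op, groups)

    # Hardened path still allows a grant the operator is entitled to make.
    alice = User("alice", frozenset())
    add_to_group(operator(), alice, groups["Helpdesk"], groups)
    result["contained_grant_ok"] = USER_MGMT in effective_permissions(alice, groups)
    return result


if __name__ == "__main__":
    print(demo())
```

The containment test is evaluated against the actor's effective permissions, not just their direct ones, so that group membership the actor already legitimately holds still counts; the point is that the operation can never widen the actor's own reach. When reviewing a real product, the same question applies to every membership or role-assignment endpoint: which permissions can this caller confer, and is that set bounded by what the caller already has.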

CVE ID : CVE-2025-48331

Published : May 30, 2025, 2:15 p.m. | 3 hours, 23 minutes ago

Description : Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows retrieval of embedded sensitive data. This issue affects WooCommerce Orders & Customers Exporter: from n/a through 5.0.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-4598

Published : May 30, 2025, 2:15 p.m. | 3 hours, 23 minutes ago

Description : A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary in order to access the original privileged process's coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.

A SUID binary or process has a special type of permission which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and forcing the Linux kernel to recycle the process PID before systemd-coredump has analyzed the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original SUID process's coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality. Where the fix cannot be applied yet, setting the sysctl fs.suid_dumpable to 0 (the kernel default) stops the kernel from producing core dumps for processes that changed credentials, which removes the data this race exposes.

Severity: 4.7 | MEDIUM


CVE ID : CVE-2025-2571

Published : May 30, 2025, 3:15 p.m. | 2 hours, 23 minutes ago

Description : Mattermost versions 10.7.x

Severity: 4.2 | MEDIUM


CVE ID : CVE-2025-1792

Published : May 30, 2025, 3:15 p.m. | 2 hours, 23 minutes ago

Description : Mattermost versions 10.7.x

Severity: 3.1 | LOW


CVE ID : CVE-2025-0602

Published : May 30, 2025, 3:15 p.m. | 2 hours, 23 minutes ago

Description : A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session.

Severity: 8.7 | HIGH


CVE ID : CVE-2024-7097

Published : May 30, 2025, 3:15 p.m. | 2 hours, 23 minutes ago

Description : An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization.

Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.

Severity: 4.3 | MEDIUM


CVE ID : CVE-2024-7096

Published : May 30, 2025, 3:15 p.m. | 2 hours, 23 minutes ago

Description : A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met:
* SOAP admin services are accessible to the attacker.
* The deployment includes an internally used attribute that is not part of the default WSO2 product configuration.
* At least one custom role exists with non-default permissions.
* The attacker has knowledge of the custom role and the internal attribute used in the deployment.

Exploiting this vulnerability allows malicious actors to assign higher privileges to self-registered users, bypassing intended access control mechanisms.

Severity: 4.2 | MEDIUM
