Development

CVE ID : CVE-2025-2839

Published : April 22, 2025, 6:15 a.m. | 55 minutes ago

Description : The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2594

Published : April 22, 2025, 6:15 a.m. | 55 minutes ago

Description : The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account’s user ID.

Severity: 0.0 | NA

CVE ID : CVE-2024-13569

Published : April 22, 2025, 6:15 a.m. | 55 minutes ago

Description : The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Severity: 0.0 | NA

CVE ID : CVE-2025-3814

Published : April 22, 2025, 6:15 a.m. | 55 minutes ago

Description : The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Hackers Can Now Exploit AI Models via PyTorch – Critical Bug Found

A major security flaw has been discovered in PyTorch, the widely used open-source machine learning framework. Identified as CVE-2025-32434, this newly reported PyTorch vulnerability allows attackers t …

Published Date:
Apr 21, 2025 (16 hours, 8 minutes ago)

Vulnerabilities have been mentioned in this article.

Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin

A critical vulnerability affecting the popular WordPress plugin Greenshift – animation and page builder blocks has come to light, potentially placing over 50,000 active websites at risk of full compro …

Published Date:
Apr 21, 2025 (2 hours, 55 minutes ago)

Vulnerabilities have been mentioned in this article.

SVG Files Weaponized: Phishing Attacks Embed HTML Code

Phishing is no longer just about shady links and poorly worded emails. According to a new report from Kaspersky Labs, threat actors are now embedding HTML and JavaScript code inside SVG files—turning …

Published Date:
Apr 22, 2025 (2 hours, 26 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-0366

RustoBot Botnet Exploits Router Flaws in Sophisticated Attacks

FortiGuard Labs recently discovered RustoBot, a sophisticated botnet written in Rust, a memory-safe language known for its performance and security, exploiting vulnerabilities in TOTOLINK and DrayTek …

Published Date:
Apr 22, 2025 (2 hours, 26 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-12987

CVE-2022-26187

CVE-2022-26210

Critical CVE-2025-1976 Vulnerability in Brocade Fabric OS Actively Exploited

A critical security vulnerability has been identified in Brocade Fabric OS, posing a significant risk to affected systems. The vulnerability, tracked as CVE-2025-1976, allows a local user with admin p …

Published Date:
Apr 22, 2025 (2 hours, 16 minutes ago)

Vulnerabilities have been mentioned in this article.

FOG Ransomware Campaign Targets Multiple Sectors with Phishing and Payload Obfuscation

The initial ransom note dropped that uses DOGE-related references to troll | Image: Trend Micro
Trend Micro has identified a recent campaign involving FOG ransomware, demonstrating the adaptability of …

Published Date:
Apr 22, 2025 (1 hour, 56 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-40711

CVE-2024-40766

CVE-2025-33028: WinZip Flaw Exposes Users to Silent Code Execution via MotW Bypass, No Patch

A security flaw has been unearthed in WinZip, the popular file compression utility, placing millions of users at risk of silent code execution. Tracked as CVE-2025-33028, this vulnerability enables a …

Published Date:
Apr 22, 2025 (1 hour, 52 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-33028

CVE-2025-1240

CVE-2025-0411

CVE-2024-8811

Google Spoofed in Sophisticated DKIM Replay Attack Exploiting Email Trust Mechanisms

What if an email in your inbox looked exactly like it came from Google—passed all authentication checks, had no spelling errors, came from a Google domain, and even discussed a subpoena involving your …

Published Date:
Apr 22, 2025 (1 hour, 50 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-33028

CVE-2023-42442

CVE-2025-21204: SYSTEM-Level Privilege Escalation in Windows Update Stack Exposed, PoC Released

Security researcher Elli Shlomo published the technical details and a proof-of-concept exploit code for CVE-2025-21204, a severe local privilege escalation flaw within the Windows U …

Published Date:
Apr 22, 2025 (1 hour, 43 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-21204

CVE-2024-38063

CVE ID : CVE-2025-39470

Published : April 18, 2025, 5:15 a.m. | 3 days, 20 hours ago

Description : Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion. This issue affects Ivy School: from n/a through 1.6.0.

Severity: 8.1 | HIGH

CVE ID : CVE-2025-3846

Published : April 21, 2025, 11:15 p.m. | 3 hours, 21 minutes ago

Description : A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the argument username/password leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-3847

Published : April 21, 2025, 11:15 p.m. | 3 hours, 21 minutes ago

Description : A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-3849

Published : April 22, 2025, 12:15 a.m. | 2 hours, 21 minutes ago

Description : A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-2987

Published : April 22, 2025, 12:15 a.m. | 2 hours, 21 minutes ago

Description : IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Severity: 3.8 | LOW

CVE ID : CVE-2024-58250

Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago

Description : The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.

Severity: 9.3 | CRITICAL

CVE ID : CVE-2025-3855

Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago

Description : A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture Handler. The manipulation of the argument profile_image_file leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM
