CVE ID : CVE-2025-46646
Published : April 26, 2025, 3:15 p.m. | 3 hours, 47 minutes ago
Description : In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46652
Published : April 26, 2025, 6:15 p.m. | 48 minutes ago
Description : In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers
Vulnerability / Enterprise Security
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code e …
Read more
Published Date:
Apr 25, 2025 (1 day, 3 hours ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31324
CVE-2017-12637
CVE-2017-9844
Planet Technology Industrial Switch Flaws Risk Full Takeover – Patch Now
Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control. Learn about the flaws, affected models and …
Read more
Published Date:
Apr 26, 2025 (1 hour, 47 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-46275
CVE-2025-46274
CVE-2025-46273
CVE-2025-46272
CVE-2025-46271
If you thought you’ve seen it all in the world of job hunting, think again.In my research journey as the…
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over…
Large language models (LLMs) have gained significant traction in reasoning tasks, including mathematics, logic, planning, and coding. However, a critical…
Designing and evaluating web interfaces is one of the most critical tasks in today’s digital-first world. Every change in layout,…
Autoregressive (AR) models have made significant advances in language generation and are increasingly explored for image synthesis. However, scaling AR…
Grootschalig misbruik van kritieke kwetsbaarheden in Craft CMS gemeld
Aanvallers maken op grote schaal misbruik van kritieke kwetsbaarheden in Craft CMS, zo meldt CERT Orange Cyberdefense. Updates zijn inmiddels beschikbaar, maar websites zijn al voor het uitkomen van d …
Read more
Published Date:
Apr 26, 2025 (2 hours, 4 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-32432
CVE-2024-58136
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells
A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how to check if your SAP Java systems are affected and the immediate steps to …
Read more
Published Date:
Apr 26, 2025 (19 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31324
CVE ID : CVE-2025-2811
Published : April 26, 2025, 7:15 a.m. | 4 hours, 49 minutes ago
Description : A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2850
Published : April 26, 2025, 8:15 a.m. | 3 hours, 49 minutes ago
Description : A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2851
Published : April 26, 2025, 8:15 a.m. | 3 hours, 49 minutes ago
Description : A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-13812
Published : April 26, 2025, 9:15 a.m. | 2 hours, 49 minutes ago
Description : The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2101
Published : April 26, 2025, 9:15 a.m. | 2 hours, 49 minutes ago
Description : The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the ‘template’ parameter of the ‘edumall_lazy_load_template’ AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Critical ScreenConnect Vulnerability Let Attackers Inject Malicious Code
ConnectWise has released an urgent security patch for its ScreenConnect remote access software to address a serious vulnerability that could allow attackers to execute malicious code on affected syste …
Read more
Published Date:
Apr 26, 2025 (4 hours, 15 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-3935
CVE-2024-1709
CVE-2024-1708
Critical Craft CMS RCE 0-Day Vulnerability Exploited in Attacks to Steal Data
According to security researchers at CERT Orange Cyberdefense, a critical remote code execution (RCE) vulnerability in Craft CMS is actively being exploited to breach servers and steal data.
The vulne …
Read more
Published Date:
Apr 26, 2025 (3 hours, 56 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-32432
CVE-2024-58136
CVE-2025-23209
CVE ID : CVE-2025-2801
Published : April 26, 2025, 4:15 a.m. | 3 hours, 13 minutes ago
Description : The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-13808
Published : April 26, 2025, 5:15 a.m. | 2 hours, 14 minutes ago
Description : The Xpro Elementor Addons – Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…