Development

CVE ID : CVE-2025-4481

Published : May 9, 2025, 5:15 p.m. | 2 hours, 23 minutes ago

Description : A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1993

Published : May 9, 2025, 6:16 p.m. | 1 hour, 22 minutes ago

Description : IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4482

Published : May 9, 2025, 6:16 p.m. | 1 hour, 22 minutes ago

Description : A vulnerability classified as critical was found in Project Worlds Student Project Allocation System 1.0. Affected by this vulnerability is an unknown functionality of the file /change_pass/forgot_password_sql.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4483

Published : May 9, 2025, 6:16 p.m. | 1 hour, 22 minutes ago

Description : A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_pdetails.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4484

Published : May 9, 2025, 7:16 p.m. | 22 minutes ago

Description : A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_user. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4485

Published : May 9, 2025, 7:16 p.m. | 22 minutes ago

Description : A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=delete_trainer. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3528

Published : May 9, 2025, 12:15 p.m. | 3 hours, 28 minutes ago

Description : A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1087

Published : May 9, 2025, 12:15 p.m. | 3 hours, 23 minutes ago

Description : Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3897

Published : May 9, 2025, 12:15 p.m. | 3 hours, 23 minutes ago

Description : The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the ‘file_get_contents’ function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. The vulnerability can only be exploited if a caching plugin such as W3 Total Cache is installed and activated.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4206

Published : May 9, 2025, 12:15 p.m. | 3 hours, 23 minutes ago

Description : The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ‘process_export_delete’ and ‘process_import_delete’ functions in all versions up to, and including, 4.1.1.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4382

Published : May 9, 2025, 12:15 p.m. | 3 hours, 23 minutes ago

Description : A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-11861

Published : May 9, 2025, 2:15 p.m. | 1 hour, 23 minutes ago

Description : EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-12442

Published : May 9, 2025, 2:15 p.m. | 1 hour, 23 minutes ago

Description : EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45885

Published : May 9, 2025, 2:15 p.m. | 1 hour, 23 minutes ago

Description : PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter ’emailcont’ and use it directly in SQL queries.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45887

Published : May 9, 2025, 3:15 p.m. | 22 minutes ago

Description : Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In a previous article, I gave a brief introduction to React. This tutorial introduces an alternative approach to building a…

Generative AI is revolutionizing how we create, learn, and interact with digital content. From intelligent chatbots and personalized language tutors…

Arrow functions were introduced in PHP 7.4 to allow devs to write short, anonymous functions. They offer a compact alternative…

Preparing for an iOS developer interview can be a daunting task, especially when you’re trying to master both conceptual questions…

On this week’s episode of the podcast, freeCodeCamp founder Quincy Larson interviews Sam Crombie. He’s a software engineer and prolific…