CVE ID : CVE-2025-3645

Published : April 25, 2025, 3:15 p.m.

Description : A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users’ names and online statuses.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3643

Published : April 25, 2025, 3:15 p.m.

Description : A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.

Severity: 5.4 | MEDIUM

CVE ID : CVE-2025-3647

Published : April 25, 2025, 3:15 p.m.

Description : A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-43016

Published : April 25, 2025, 3:15 p.m.

Description : In JetBrains Rider before 2025.1.2, the custom archive unpacker allowed arbitrary file overwrite during a remote debug session.

Severity: 5.4 | MEDIUM

CVE ID : CVE-2025-43862

Published : April 25, 2025, 3:15 p.m.

Description : Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented to a normal user. This access control flaw allows non-admin users unauthorized access to, and modification of, the APPs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs.

Severity: 7.6 | HIGH

CVE ID : CVE-2025-46432

Published : April 25, 2025, 3:15 p.m.

Description : In JetBrains TeamCity before 2025.03.1, base64-encoded credentials could be exposed in build logs.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-46433

Published : April 25, 2025, 3:15 p.m.

Description : In JetBrains TeamCity before 2025.03.1, improper path validation in the loggingPreset parameter was possible.

Severity: 4.9 | MEDIUM

CVE ID : CVE-2025-46618

Published : April 25, 2025, 3:15 p.m.

Description : In JetBrains TeamCity before 2025.03.1, stored XSS was possible on the Data Directory tab.

Severity: 3.5 | LOW

CVE ID : CVE-2021-32601

Published : April 25, 2025, 4:15 p.m.

Description : Rejected reason: Not used

Severity: 0.0 | NA

CVE ID : CVE-2025-2068

Published : April 25, 2025, 4:15 p.m.

Description : An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted URL is visited by a local user.

Severity: 5.0 | MEDIUM

CVE ID : CVE-2024-56156

Published : April 25, 2025, 4:15 p.m.

Description : Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13.

Severity: 0.0 | NA

CVE ID : CVE-2025-2070

Published : April 25, 2025, 4:15 p.m.

Description : An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted URL is visited by a local user.

Severity: 5.0 | MEDIUM

CVE ID : CVE-2025-3928

Published : April 25, 2025, 4:15 p.m.

Description : Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: “Webservers can be compromised through bad actors creating and executing webshells.” Fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-2069

Published : April 25, 2025, 4:15 p.m.

Description : A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted URL is visited by a local user.

Severity: 5.0 | MEDIUM

CVE ID : CVE-2025-25775

Published : April 25, 2025, 5:15 p.m.

Description : Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.

Severity: 9.8 | CRITICAL

CVE ID : CVE-2024-30152

Published : April 25, 2025, 6:15 p.m.

Description : HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or cause other impacts.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-3935

Published : April 25, 2025, 7:15 p.m.

Description : ScreenConnect versions 25.2.3 and earlier may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 and protected by machine keys. It is important to note that to obtain these machine keys, privileged system-level access must first be obtained.

If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server.

The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform-level behavior. This had no direct impact on the ScreenConnect Client. The ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it.

Severity: 8.1 | HIGH

159 CVEs Exploited in the Wild in Q1 2025, 8.3% of Vulnerabilities Exploited Within 1 Day

In the first quarter of 2025, cybersecurity researchers documented an alarming surge in vulnerability exploitation, with 159 Common Vulnerabilities and Exposures (CVEs) being exploited in the wild.
Th …

Published Date:
Apr 25, 2025

Vulnerabilities mentioned in this article:

Chrome Use-After-Free Vulnerabilities Exploited in the Wild

Google Chrome has faced a series of high-profile security incidents involving Use-After-Free (UAF) vulnerabilities, several of which have been actively exploited in the wild.
These flaws, rooted in im …

Published Date:
Apr 25, 2025

Vulnerabilities mentioned in this article:

CVE-2025-2783

CVE-2025-2476

CVE-2024-7965

CVE-2024-4671

CVE-2025-34028 impacts Commvault Command Center

CVE-2025-34028 is a critical path traversal vulnerability affecting the Commvault Command Center Innovation Release. This flaw allows unauthenticated remote attackers to upload malicious ZIP files, wh …

Published Date:
Apr 25, 2025

Vulnerabilities mentioned in this article:

CVE-2025-1021

CVE-2025-34028

CVE-2025-1732

CVE-2025-1731

CVE-2025-32433

CVE-2025-24054