Security

CVE ID : CVE-2025-44039

Published : May 13, 2025, 3:15 p.m. | 1 hour, 9 minutes ago

Description : CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive information without any authentication.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44831

Published : May 13, 2025, 3:15 p.m. | 1 hour, 9 minutes ago

Description : EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45859

Published : May 13, 2025, 3:15 p.m. | 1 hour, 9 minutes ago

Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45864

Published : May 13, 2025, 3:15 p.m. | 1 hour, 9 minutes ago

Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45866

Published : May 13, 2025, 3:15 p.m. | 1 hour, 9 minutes ago

Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45867

Published : May 13, 2025, 3:15 p.m. | 1 hour, 9 minutes ago

Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black…

An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI)…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its…

Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple’s AirPlay protocol that, if successfully exploited, could enable…

A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV)…

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker…

When a zero-day flaw surfaces in an enterprise tool that no one talks about publicly, it’s tempting to write it…

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part…

Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting…

The European Union’s vulnerability database, under development since the release of the NIS2 Directive in December 2022, has officially launched.…

The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in…

The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs)…

A newly disclosed VMware Tools vulnerability could enable attackers with limited access to compromise virtual machines (VMs). Broadcom, which owns…

CVE ID : CVE-2025-41645

Published : May 13, 2025, 9:15 a.m. | 1 hour, 29 minutes ago

Description : An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…