Security

CVE ID : CVE-2025-46392

Published : May 9, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x.

There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenarios where you only load trusted configurations.

Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration.

Severity: 0.0 | NA


Microsoft Patches Four Critical Azure and Power Apps Vulnerabilities, Including CVSS 10 Privilege Escalation

Microsoft has addressed a cluster of critical vulnerabilities affecting several of its core cloud services—including Azure Automation, Azure Storage, Azure DevOps, and Microsoft Power Apps. Although n …

Published Date:
May 09, 2025 (5 hours, 12 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-47733

CVE-2025-29972

CVE-2025-29827

CVE-2025-29813

CVE-2025-21298

Arista Fixes Critical CloudVision Portal Vulnerability with CVSS 10 Score

Arista Networks has released a critical security advisory detailing a severe vulnerability in its CloudVision Portal (CVP) software, tracked as CVE-2024-11186, carrying the highest possible CVSS score …

Published Date:
May 09, 2025 (4 hours, 53 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-12378

CVE-2024-11186

CVE-2025-1260

CVE-2025-1259

May 2025 Patch Tuesday forecast: Panic, change, and hope

April was an event-filled month for cybersecurity. Patch Tuesday came to us quickly on April 8 – the earliest first Tuesday possible in a given month. We again saw large numbers of CVEs addressed with …

Published Date:
May 09, 2025 (2 hours, 15 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32819

CVE-2025-29824

CVE-2025-26647

CVE ID : CVE-2024-11617

Published : May 9, 2025, 7:16 a.m. | 59 minutes ago

Description : The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘zetra_languageUpload’ and ‘zetra_fontsUpload’ functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-2253

Published : May 9, 2025, 7:16 a.m. | 59 minutes ago

Description : The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating a user’s password through the imic_reset_password_init() function. This makes it possible for unauthenticated attackers to change any user’s password, including administrators, if the user’s email is known.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-3605

Published : May 9, 2025, 7:16 a.m. | 59 minutes ago

Description : The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user’s identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary users’ email addresses, including administrators, and leverage that to reset the user’s password and gain access to their account.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-3455

Published : May 9, 2025, 7:16 a.m. | 59 minutes ago

Description : The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘start_restore’ function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-3710

Published : May 9, 2025, 4:16 a.m. | 2 hours, 25 minutes ago

Description : The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-3711

Published : May 9, 2025, 4:16 a.m. | 2 hours, 25 minutes ago

Description : The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-3714

Published : May 9, 2025, 4:16 a.m. | 1 hour, 58 minutes ago

Description : The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-3712

Published : May 9, 2025, 4:16 a.m. | 2 hours, 25 minutes ago

Description : The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-3713

Published : May 9, 2025, 4:16 a.m. | 2 hours, 25 minutes ago

Description : The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-4456

Published : May 9, 2025, 4:16 a.m. | 2 hours, 24 minutes ago

Description : A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-4457

Published : May 9, 2025, 4:16 a.m. | 2 hours, 24 minutes ago

Description : A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-4458

Published : May 9, 2025, 4:16 a.m. | 2 hours, 24 minutes ago

Description : A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit_upatient.php. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-4459

Published : May 9, 2025, 4:16 a.m. | 2 hours, 24 minutes ago

Description : A vulnerability was found in code-projects Patient Record Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file fecalysis_form.php. The manipulation of the argument itr_no leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-4460

Published : May 9, 2025, 4:16 a.m. | 2 hours, 24 minutes ago

Description : A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW


CVE ID : CVE-2025-47735

Published : May 9, 2025, 5:15 a.m. | 1 hour, 25 minutes ago

Description : inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.

Severity: 2.9 | LOW


CVE ID : CVE-2025-47737

Published : May 9, 2025, 5:15 a.m. | 1 hour, 25 minutes ago

Description : lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.

Severity: 2.9 | LOW
