Google Uncovers LOSTKEYS Malware Used by Russian COLDRIVER for Cyber Espionage
Image: Google Threat Intelligence Group
In a concerning escalation of cyber-espionage activity, Google’s Threat Intelligence Group (GTIG) has revealed the emergence of a new malware tool named LOSTKEY …
Read more
Published Date:
May 08, 2025 (2 hours, 51 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-23123 (CVSS 10): Critical UniFi Protect Cameras Flaw Demands Immediate Updates
Ubiquiti has released a critical security advisory addressing two vulnerabilities in its UniFi Protect ecosystem, including a CVSS 10.0-rated remote code execution (RCE) vulnerability that could be ex …
Read more
Published Date:
May 08, 2025 (2 hours, 46 minutes ago)
Vulnerabilities has been mentioned in this article.
Multi Vulnerabilities Found in SonicWall SMA 100 Series Prompt Urgent Security Update
SonicWall has released a security advisory detailing multiple vulnerabilities affecting its Secure Mobile Access (SMA) 100 series products. The advisory highlights three significant post-authenticatio …
Read more
Published Date:
May 08, 2025 (1 hour, 56 minutes ago)
Vulnerabilities has been mentioned in this article.
Critical CVE-2025-20188 (CVSS 10) Flaw in Cisco IOS XE WLCs Allows Remote Root Access
Cisco has released a security advisory addressing a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLCs). The vulnerability, identified as CVE-2025-20188, carries a CVSS s …
Read more
Published Date:
May 08, 2025 (1 hour, 49 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-20188
CVE-2025-25181
CVE-2024-57968
CVE-2023-20252
CVE ID : CVE-2024-55651
Published : May 8, 2025, 12:15 a.m. | 3 hours, 21 minutes ago
Description : i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through this attacker vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions. As of time of publication, no patched versions are known to exist.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Play Ransomware Group Used Windows Zero-Day
Source: DD Images via ShutterstockMore than one ransomware actor appears to have exploited a recently disclosed Windows privilege escalation bug before Microsoft issued a patch for it in its April 202 …
Read more
Published Date:
May 07, 2025 (3 hours, 25 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-29824
Meta Wins Lawsuit Against Spyware Vendor NSO Group
Source: Pictures Now via Alamy Stock PhotoIn a lawsuit spanning more than five years, Meta has finally come out the victor, winning nearly $168 million in damages yesterday from NSO Group, an Israeli …
Read more
Published Date:
May 07, 2025 (2 hours, 14 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2019-3568
CVE ID : CVE-2025-3925
Published : May 7, 2025, 9:16 p.m. | 2 hours, 20 minutes ago
Description : BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or
series 5 prior to v9.0.166 contain an execution with unnecessary
privileges vulnerability, allowing for privilege escalation on the
device once code execution has been obtained.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31177
Published : May 7, 2025, 9:16 p.m. | 2 hours, 20 minutes ago
Description : gnuplot is affected by a heap buffer overflow at function utf8_copy_one.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4043
Published : May 7, 2025, 9:16 p.m. | 2 hours, 20 minutes ago
Description : An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2023-7303
Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago
Description : A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-page.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.8 is able to address this issue. The patch is named 0ca85ca02f8aceb661e9b71fd229c45d388ea5b5. It is recommended to upgrade the affected component.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-11953
Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31644
Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago
Description : When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-35995
Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago
Description : When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-36504
Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago
Description : When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-36525
Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago
Description : When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-36546
Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago
Description : On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user’s SSH private key.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-41414
Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago
Description : When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-41399
Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago
Description : When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-41433
Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago
Description : When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…