CVE ID : CVE-2025-29746
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-30147
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD (0x06), ALTBN128_MUL (0x07), and ALTBN128_PAIRING (0x08). These precompiles were reimplemented in besu-native using gnark-crypto’s bn254 implementation, as the former implementation used a library which was no longer maintained and not sufficiently performant. The new gnark implementation was initially added in version 0.9.0 of besu-native but was not utilized by Besu until version 0.9.2 in Besu 24.7.1. The issue is that there are EC points which may be crafted which are in the correct subgroup but are not on the curve and the besu-native gnark implementation was relying on subgroup checks to perform point-on-curve checks as well. The version of gnark-crypto used at the time did not do this check when performing subgroup checks. The result is that it was possible for Besu to give an incorrect result and fall out of consensus when executing one of these precompiles against a specially crafted input point. Additionally, homogenous Besu-only networks can potentially enshrine invalid state which would be incorrect and difficult to process with patched versions of besu which handle these calls correctly. The underlying defect has been patched in besu-native release 1.3.0. The fixed version of Besu is version 25.3.0. As a workaround for versions of Besu with the problem, the native precompile for altbn128 may be disabled in favor of the pure-java implementation. The pure java implementation is significantly slower, but does not have this consensus issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3272
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager.
The vulnerability could allow authenticated users to change their password without providing their old password.
This issue affects Operations Bridge Manager: 24.2, 24.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45388
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3476
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45514
Published : May 7, 2025, 7:16 p.m. | 20 minutes ago
Description : Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users
A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of …
Read more
Published Date:
May 07, 2025 (2 hours, 1 minute ago)
Vulnerabilities has been mentioned in this article.
CVE-2019-3568
Play ransomware exploited Windows logging flaw in zero-day attacks
The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.
The vulnerability, t …
Read more
Published Date:
May 07, 2025 (1 hour, 25 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-29824
Zero-Day CLFS Vulnerability (CVE-2025-29824) Exploited in Ransomware Attacks
Symantec’s Threat Hunter Team has uncovered a sophisticated attack involving a zero-day privilege escalation vulnerability in Microsoft’s Common Log File System (CLFS) driver — CVE-2025-29824 — active …
Read more
Published Date:
May 07, 2025 (4 hours, 34 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-29824
CVE-2024-26169
CVE-2024-21762
CVE-2022-47945
CVE-2022-37969
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA
CISA warns of active exploitation of critical Langflow vulnerability (CVE-2025-3248). Critical RCE flaw allows full server takeover. Patch to version 1.3.0 now!
In April 2025, cybersecurity researcher …
Read more
Published Date:
May 07, 2025 (3 hours, 58 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-3248
Windows 0-Day Vulnerability Exploited in the Wild to Deploy Play Ransomware
Threat actors linked to the Play ransomware operation exploited a zero-day vulnerability in Microsoft Windows prior to its patching on April 8, 2025.
The vulnerability, tracked as CVE-2025-29824, affe …
Read more
Published Date:
May 07, 2025 (3 hours, 33 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-29824
Critical AWS Amplify Studio Vulnerability Let Attackers Execute Arbitrary Code
A critical security vulnerability in AWS Amplify Studio has been identified, potentially allowing authenticated users to execute arbitrary JavaScript code during component rendering and build processe …
Read more
Published Date:
May 07, 2025 (3 hours, 15 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-4318
Symantec: Windows-lek voor uitkomen patch gebruikt bij malware-aanval
Een kwetsbaarheid in Windows waarvoor op 8 april een beveiligingsupdate verscheen is al voor het uitkomen van de patch gebruikt voor het verspreiden van malware, zo stelt Symantec. Eerder maakte Micro …
Read more
Published Date:
May 07, 2025 (3 hours, 7 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-29824
PoC exploit for SysAid pre-auth RCE released, upgrade quickly!
WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind SysAid’s popular IT service mana …
Read more
Published Date:
May 07, 2025 (3 hours, 5 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE ID : CVE-2025-47653
Published : May 7, 2025, 3:16 p.m. | 20 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47655
Published : May 7, 2025, 3:16 p.m. | 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer allows Stored XSS. This issue affects theMarketer: from n/a through 1.4.7.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47657
Published : May 7, 2025, 3:16 p.m. | 20 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Productive Minds Productive Commerce allows SQL Injection. This issue affects Productive Commerce: from n/a through 1.1.22.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47656
Published : May 7, 2025, 3:16 p.m. | 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in spiraclethemes Spiraclethemes Site Library allows Stored XSS. This issue affects Spiraclethemes Site Library: from n/a through 1.4.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47659
Published : May 7, 2025, 3:16 p.m. | 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements allows Stored XSS. This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through 1.0.4.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47661
Published : May 7, 2025, 3:16 p.m. | 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in codemstory 워드프레스 결제 심플페이 allows Cross Site Request Forgery. This issue affects 워드프레스 결제 심플페이: from n/a through 5.2.11.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…