CVE ID : CVE-2025-44899
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46572
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user in the Auth0 tenant during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46573
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47418
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.
There is no visible indication when the system is recording and recording can be enabled remotely via a network API.
This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47419
Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago
Description : Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.
The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords.
This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0853
Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago
Description : The PGS Core plugin for WordPress is vulnerable to SQL Injection via the ‘event’ parameter in the ‘save_header_builder’ function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47420
Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago
Description : 266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4372
Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago
Description : Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0855
Published : May 6, 2025, 11:15 p.m. | 42 minutes ago
Description : The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the ‘import_header’ function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0856
Published : May 6, 2025, 11:15 p.m. | 42 minutes ago
Description : The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal…
In episode 49 of The AI Fix, OpenAI kills off a sycophantic bot, our hosts are introduced to a prophetic…
Qilin became the top ransomware group in April amid uncertainty over the status of RansomHub, according to a Cyble blog…
CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation
Source: ktdesign via Alamy Stock PhotoNEWS BRIEFCISA added two older SonicWall bugs to the Known Exploited Vulnerabilities (KEV) catalog, marking the latest threat activity targeting the network secur …
Read more
Published Date:
May 06, 2025 (3 hours, 12 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31324
CVE-2025-23006
CVE-2024-38475
CVE-2023-44221
Critical MobSF 0-Day Exposes Systems to Stored XSS & ZIP of Death Attacks
The Mobile Security Framework (MobSF), a widely utilized tool, contains two critical zero-day vulnerabilities.
These vulnerabilities, designated as CVE-2025-46335 and CVE-2025-46730, impact all versio …
Read more
Published Date:
May 06, 2025 (2 hours, 46 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-46730
CVE-2025-46335
Critical Langflow RCE flaw exploited to hack AI app servers
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitig …
Read more
Published Date:
May 06, 2025 (1 hour, 52 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-3248
CVE ID : CVE-2025-22477
Published : May 6, 2025, 4:15 p.m. | 1 hour, 59 minutes ago
Description : Dell Storage Center – Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-22478
Published : May 6, 2025, 4:15 p.m. | 1 hour, 59 minutes ago
Description : Dell Storage Center – Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45487
Published : May 6, 2025, 4:15 p.m. | 3 hours, 19 minutes ago
Description : Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45489
Published : May 6, 2025, 4:15 p.m. | 3 hours, 19 minutes ago
Description : Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…