CVE ID : CVE-2025-46585
Published : May 6, 2025, 7:15 a.m. | 32 minutes ago
Description : Out-of-bounds array read/write vulnerability in the kernel module
Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46586
Published : May 6, 2025, 7:15 a.m. | 32 minutes ago
Description : Permission control vulnerability in the contacts module
Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4327
Published : May 6, 2025, 7:15 a.m. | 32 minutes ago
Description : A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4328
Published : May 6, 2025, 7:15 a.m. | 32 minutes ago
Description : A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/web/MvcController.java of the component HTTP Header Handler. The manipulation of the argument Referer leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4329
Published : May 6, 2025, 7:15 a.m. | 32 minutes ago
Description : A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
BeyondTrust PRA Vulnerability (CVE-2025-0217) Enables Session Hijacking via Authentication Bypass
A significant security vulnerability has been identified in BeyondTrust’s Privileged Remote Access (PRA) solution, posing a risk to organizations relying on this technology for managing privileged ses …
Read more
Published Date:
May 05, 2025 (4 hours, 1 minute ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-0217
CVE-2024-12356
CVE-2024-7399
CVE-2024-7399: Samsung MagicINFO Vulnerability Now Actively Exploited in the Wild
A critical security vulnerability, CVE-2024-7399, is being actively exploited in the wild in Samsung MagicINFO 9 Server, a content management system (CMS) widely used for managing digital signage disp …
Read more
Published Date:
May 05, 2025 (3 hours, 51 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-0217
CVE-2025-3248
CVE-2024-7399
Langflow Under Attack: CISA Warns of Active Exploitation of CVE-2025-3248
Image: Horizon3.ai
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2025-3248 to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active e …
Read more
Published Date:
May 05, 2025 (3 hours, 39 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-3248
CVE-2025-27363
CVE-2024-7399
Android Security Bulletin May 2025: Multi Vulnerabilities Including Actively Exploited CVE-2025-27363
Google has released its Android Security Bulletin for May 2025, highlighting a range of high-severity vulnerabilities affecting Android OS components, third-party chipsets, and the popular FreeType li …
Read more
Published Date:
May 05, 2025 (3 hours, 23 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-3248
CVE-2025-27363
Critical IBM Cognos Analytics Vulnerabilities Demand Urgent Patching
IBM has released security updates to address two critical vulnerabilities affecting its flagship business intelligence platform, IBM Cognos Analytics, warning that attackers could exploit these flaws …
Read more
Published Date:
May 06, 2025 (2 hours, 16 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-27363
CVE-2024-51466
CVE-2024-40695
DragonForce Ransomware Cartel Hits UK Retailers with Custom Payloads and Global Extortion Campaign
DragonForce affiliate panel | Image: SentinelOne
A disturbing evolution in the ransomware ecosystem has been exposed by cybersecurity firm SentinelOne, which has published an in-depth analysis of the …
Read more
Published Date:
May 06, 2025 (2 hours, 9 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-21412
CVE-2024-21893
CVE-2024-21887
CVE-2023-46805
CVE-2021-44228
Digigram PYKO-OUT AoIP Devices Exposed to Attacks Due to Missing Default Password
A security vulnerability has been identified in Digigram’s PYKO-OUT audio-over-IP (AoIP) product, raising concerns about its use in applications such as paging, background music, and live announcement …
Read more
Published Date:
May 06, 2025 (2 hours, 1 minute ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-3927
CVE-2024-12366
CVE-2025-2605 (CVSS 9.9): Critical Vulnerability Found in Honeywell MB-Secure Alarm Panels
Honeywell has issued an urgent security notice (SN 2025-05-01-01) disclosing a critical vulnerability in its MB-Secure and MB-Secure PRO alarm control panels, used in physical security infrastructure …
Read more
Published Date:
May 06, 2025 (1 hour, 46 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-2905
CVE-2025-2605
CVE ID : CVE-2025-4298
Published : May 6, 2025, 12:15 a.m. | 3 hours, 19 minutes ago
Description : A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4299
Published : May 6, 2025, 12:15 a.m. | 1 hour, 34 minutes ago
Description : A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4300
Published : May 6, 2025, 12:15 a.m. | 3 hours, 19 minutes ago
Description : A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Affected is an unknown function of the file /search_list.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2509
Published : May 6, 2025, 1:15 a.m. | 2 hours, 18 minutes ago
Description : Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to
VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46728
Published : May 6, 2025, 1:15 a.m. | 2 hours, 18 minutes ago
Description : cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding: chunked` is used or when no `Content-Length` header is provided. A remote attacker can send a chunked request without the terminating zero-length chunk, causing uncontrolled memory allocation on the server. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.20.1 fixes the issue by enforcing limits during parsing. If the limit is exceeded at any point during reading, the connection is terminated immediately. A short-term workaround through a Reverse Proxy is available. If updating the library immediately is not feasible, deploy a reverse proxy (e.g., Nginx, HAProxy) in front of the `cpp-httplib` application. Configure the proxy to enforce maximum request body size limits, thereby stopping excessively large requests before they reach the vulnerable library code.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4301
Published : May 6, 2025, 1:15 a.m. | 2 hours, 18 minutes ago
Description : A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4303
Published : May 6, 2025, 1:15 a.m. | 2 hours, 18 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…