Ireland’s Data Protection Commission (DPC) on Friday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection…
Harrods, the iconic British luxury department store, has confirmed that it was recently targeted in a cybersecurity incident, becoming the…
NVIDIA TensorRT-LLM High-Severity Vulnerability Let Attackers Remote Code
NVIDIA has disclosed and patched a high-severity vulnerability in its TensorRT-LLM framework that could allow attackers with local access to execute malicious code, tamper with data, and potentially c …
Published Date: May 02, 2025 (5 hours, 16 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-23254
CISA Releases ICS Advisories Targeting Vulnerabilities & Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has released two Industrial Control Systems (ICS) advisories today, addressing critical security vulnerabilities that could potentially impa …
Published Date: May 02, 2025 (4 hours, 57 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-36558
CVE-2025-36521
CVE-2025-35996
CVE-2025-35975
macOS Sandbox Escape Vulnerability Allows Keychain Deletion and Replacement
A security vulnerability in macOS has been discovered. It allows malicious actors to escape the App Sandbox protection by manipulating security-scoped bookmarks.
Tracked as CVE-2025-31191, this vulner …
Published Date: May 02, 2025 (2 hours, 32 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-31191
CVE ID : CVE-2025-2812
Published : May 2, 2025, 9:15 a.m. | 4 hours, 5 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection. This issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY).
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-0072
Published : May 2, 2025, 10:15 a.m. | 2 hours, 58 minutes ago
Description : Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.
This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.
Severity: 0.0 | NA
CVE ID : CVE-2025-0427
Published : May 2, 2025, 10:15 a.m. | 2 hours, 58 minutes ago
Description : Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access to already freed memory.
This issue affects Bifrost GPU Kernel Driver: from r8p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r19p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.
Severity: 0.0 | NA
CVE ID : CVE-2025-1301
Published : May 2, 2025, 11:15 a.m. | 1 hour, 57 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Yordam Informatics Library Automation System allows Reflected XSS. This issue affects Library Automation System: before 21.6.
Severity: 7.4 | HIGH
CVE ID : CVE-2025-2421
Published : May 2, 2025, 12:15 p.m. | 58 minutes ago
Description : Improper Control of Generation of Code (‘Code Injection’) vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1.
Severity: 8.2 | HIGH
CVE ID : CVE-2025-2488
Published : May 2, 2025, 12:15 p.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting (XSS). This issue affects SambaBox: before 5.1.
Severity: 4.0 | MEDIUM
Windows Security in 2025: Battling Sophisticated Threats with Advanced Defenses
The Windows security landscape has dramatically evolved in early 2025, marked by increasingly sophisticated attack vectors and Microsoft’s accelerated defensive innovations.
February 2025 witnessed a …
Published Date: May 02, 2025 (3 hours, 28 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-29824
CVE-2025-0289
AI and automation shift the cybersecurity balance toward attackers
Threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders, according to Fortinet.
“Our latest Global Threat …
Published Date: May 02, 2025 (3 hours, 19 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-20439
CISA Warns of Apache HTTP Server Escape Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-38475, a critical vulnerability affecting Apache HTTP Server, to its Known Exploited Vulnerabilities (KEV) catalog.
This …
Published Date: May 02, 2025 (2 hours, 47 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-38475
CISA Warns of SonicWall SMA100 OS Command Injection Vulnerability Exploited in Wild
CISA has added the SonicWall SMA100 OS Command Injection Vulnerability, tracked as CVE-2023-44221, to its Known Exploited Vulnerabilities (KEV) catalog.
According to CISA’s May 1, 2025 advisory, this …
Published Date: May 02, 2025 (2 hours, 32 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-38475
CVE-2023-44221
Redis Reintroduces Open-Source AGPL Alongside SSPL Licensing
In March 2024, the widely adopted database caching solution Redis announced its transition to the Server Side Public License (SSPL)—a license that, while offering source code access, is not recognized …
Published Date: May 02, 2025 (1 hour, 44 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-31449
CVE-2023-41056
CVE-2022-35951
Apple Revises U.S. App Store Rules After Court Ruling in Epic Games Case
Following a court ruling that found Apple had willfully violated antitrust regulations—and the subsequent approval of Epic Games’ motion to enforce an injunction—Apple has now amended its App Store gu …
Published Date: May 02, 2025 (1 hour, 38 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-54527
Microsoft Authenticator to Drop Password Manager Features by August 2025
In 2020, Microsoft updated its Authenticator app to introduce password-saving and autofill capabilities, effectively transforming Microsoft Authenticator into a password manager with support for autof …
Published Date: May 02, 2025 (45 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-49112
CVE-2022-2385
CVE ID : CVE-2024-13858
Published : May 2, 2025, 7:15 a.m. | 2 hours, 4 minutes ago
Description : The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.41.
Severity: 6.4 | MEDIUM
CVE ID : CVE-2024-13860
Published : May 2, 2025, 7:15 a.m. | 2 hours, 4 minutes ago
Description : The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbp_topic_title’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.41.
Severity: 6.4 | MEDIUM