CVE ID : CVE-2025-46757
Published : April 29, 2025, 3:15 a.m. | 3 hours, 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46758
Published : April 29, 2025, 3:15 a.m. | 3 hours, 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE ID : CVE-2025-46759
Published : April 29, 2025, 3:15 a.m. | 3 hours, 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE ID : CVE-2025-46761
Published : April 29, 2025, 3:15 a.m. | 3 hours, 40 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE ID : CVE-2025-31202
Published : April 29, 2025, 3:15 a.m. | 3 hours, 40 minutes ago
Description : A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.
Severity: 0.0 | NA
CVE ID : CVE-2025-46329
Published : April 29, 2025, 5:15 a.m. | 1 hour, 40 minutes ago
Description : libsnowflakeclient is the Snowflake Connector for C/C++. Versions from 0.5.0 to before 2.2.0 are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This issue has been patched in version 2.2.0.
Severity: 3.3 | LOW
CVE ID : CVE-2025-46330
Published : April 29, 2025, 5:15 a.m. | 1 hour, 40 minutes ago
Description : libsnowflakeclient is the Snowflake Connector for C/C++. Versions from 0.5.0 to before 2.2.0 incorrectly treat malformed requests that caused the HTTP response status code 400 as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0.
Severity: 3.3 | LOW
CVE ID : CVE-2025-46338
Published : April 29, 2025, 5:15 a.m. | 1 hour, 40 minutes ago
Description : Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the `libraryId` field. The unsanitized input is reflected in the server’s error message, enabling arbitrary JavaScript execution in a victim’s browser. This issue has been patched in version 2.21.0.
Severity: 0.0 | NA
CVE ID : CVE-2025-46343
Published : April 29, 2025, 5:15 a.m. | 1 hour, 40 minutes ago
Description : n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME type of uploaded files, and the MIME type could be controlled via a GET parameter. This allows the server to respond with any MIME type, potentially enabling malicious content to be interpreted and executed by the browser. An authenticated attacker with member-level permissions could exploit this by uploading a crafted HTML file containing malicious JavaScript. When another user visits the binary data endpoint with the MIME type set to text/html, the script executes in the context of the user’s session. This script could send a request to change the user’s email address in their account settings, effectively enabling account takeover. This issue has been patched in version 1.90.0.
Severity: 5.0 | MEDIUM
CVE ID : CVE-2024-12273
Published : April 29, 2025, 6:15 a.m. | 40 minutes ago
Description : The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Fog Ransomware Directory With Active Directory Exploitation Tools & Scripts Uncovered
Cybersecurity analysts have uncovered an open directory linked to the Fog ransomware group, revealing a comprehensive toolkit used by threat actors to compromise corporate networks.
The directory, dis …
Published Date: Apr 28, 2025 (20 hours, 17 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2021-42287
CVE-2021-42278
CVE-2020-1472
Mandiant: vulnerabilities in VPN software most frequently attacked last year
Vulnerabilities in VPN software remain a very popular target for attackers, according to Mandiant. Half of all cyber incidents that the security company investigated last year began via vulnerab …
Published Date: Apr 28, 2025 (18 hours, 7 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-3400
CVE-2023-48788
CVE-2024-21887
CVE-2023-46805
CISA Warns Planet Technology Network Products Let Attackers Manipulate Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple high-severity vulnerabilities in Planet Technology network products that could allow atta …
Published Date: Apr 28, 2025 (17 hours, 51 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-46275
CVE-2025-46274
CVE-2025-46273
CVE-2025-46272
CVE-2025-46271
Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)
CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file uploads and code execution.
T …
Published Date: Apr 28, 2025 (17 hours, 48 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-31324
CVE-2025-34028
CVE-2025-27610
Critical Vulnerabilities in Quick Agent Software Expose Ricoh MFPs to Remote Attacks
The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has issued an alert regarding multiple critical vulnerabilities found in Quick Agent, a Windows application developed by SIOS …
Published Date: Apr 29, 2025 (3 hours, 22 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-31144
CVE-2025-27937
CVE-2025-26692
CVE-2025-26506
CVE-2024-47939
CVE-2025-3200: Wiesemann & Theis Com-Server Devices Exposed by Deprecated TLS Protocols
A coordinated security advisory from CERT@VDE and Wiesemann & Theis GmbH has revealed critical vulnerabilities impacting several Wiesemann & Theis products, including the Com-Server++ and related mode …
Published Date: Apr 29, 2025 (3 hours, 3 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-3200
CVE-2025-46617
CVE-2025-46616
Quantum Issues Critical Patch for StorNext GUI RCE Vulnerabilities (CVE-2025-46616, CVE-2025-46617)
Quantum has issued a critical security advisory warning users of two high-severity vulnerabilities in the StorNext GUI API, affecting a wide range of StorNext products. If exploited together, these vu …
Published Date: Apr 29, 2025 (3 hours, 2 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-3200
CVE-2025-46617
CVE-2025-46616
Fog Ransomware Group Exposed: Inside the Tools, Tactics, and Victims of a Stealthy Threat
In a new investigation, The DFIR Report’s Threat Intel Group has shed light on the growing operations of the Fog ransomware group, revealing a sophisticated ars …
Published Date: Apr 29, 2025 (2 hours, 55 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-46617
CVE-2025-46616
CVE-2024-40711
CVE-2021-42278
CVE-2020-1472
CVE-2025-21756: How a Tiny Linux Kernel Bug Led to a Full Root Exploit, PoC Releases
In a recent analysis, security researcher Michael Hoefler has exposed the full depth of CVE-2025-21756, a Use-After-Free (UAF) vulnerability affecting the Linux kernel’s vsock subsystem. What began …
Published Date: Apr 29, 2025 (2 hours, 45 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-21756
Apache Tomcat Security Update Fixes DoS and Rewrite Rule Bypass Flaws
The Apache Software Foundation has released important security updates to address two vulnerabilities affecting multiple versions of Apache Tomcat, the widely used open-source Java Servlet container. …
Published Date: Apr 29, 2025 (1 hour, 57 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-31651
CVE-2025-31650
CVE-2025-24813
CVE-2025-21756