Security

Multiple Vulnerabilities in NETSCOUT nGeniusONE Threaten Infrastructure Visibility Platforms

NETSCOUT has issued an advisory addressing a series of security vulnerabilities in its flagship infrastructure monitoring platform, nGeniusONE.
NETSCOUT’s nGeniusONE solution is a powerful tool, provid …

Published Date: Apr 28, 2025 (2 hours, 54 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32986

CVE-2025-32985

CVE-2025-32984

CVE-2025-32983

CVE-2025-32982

CVE-2025-32981

CVE-2025-32980

CVE-2025-32979

CVE-2023-43791

CVE-2025-23016: Critical FastCGI Heap Overflow Threatens Embedded Devices, PoC Releases

Security researcher Baptiste Mayaud from Synacktiv has detailed a critical vulnerability in the FastCGI library, tracked as CVE-2025-23016 (CVSS 9.4). The flaw, which stems from improper handling of p …

Published Date: Apr 28, 2025 (2 hours, 43 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-23016

React Router Vulnerabilities CVE-2025-43864 and CVE-2025-43865 Expose Web Applications to Attack

The React Router team has issued an advisory addressing two vulnerabilities affecting applications running in Framework mode: CVE-2025-43864 and CVE-2025-43865. Given React Router’s widespread usage …

Published Date: Apr 28, 2025 (2 hours, 30 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-43865

CVE-2025-43864

CVE-2025-31137

CVE-2023-4211

Critical Flaw Exposes Linux Security Blind Spot: io_uring Bypasses Detection

ARMO researchers have uncovered a critical weakness in Linux runtime security tools, revealing how the io_uring interface enables rootkits to operate undetected by conventional monitoring solutions. T …

Published Date: Apr 28, 2025 (2 hours, 24 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-43865

CVE-2025-43864

CVE-2022-2602

CVE-2022-1786

CISA Warns of Critical Vulnerabilities in Planet Technology Products

CISA has issued a new security advisory highlighting critical vulnerabilities impacting several Planet Technology products, including UNI-NMS-Lite, NMS-500, NMS-1000V, WGS-804HPT-V2, and WGS-4215-8T2S …

Published Date: Apr 28, 2025 (2 hours, 19 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32432

CVE-2025-46275

CVE-2025-46274

CVE-2025-46273

CVE-2025-46272

CVE-2025-46271

CVE-2024-52320

CVE-2024-8456

Craft CMS Zero-Day CVE-2025-32432 Exploited with Metasploit Module Now Public

Security researcher Chocapikk has published a Metasploit module for a critical zero-day vulnerability impacting Craft CMS, tracked as CVE-2025-32432 (CVSS 10). This remote code execu …

Published Date: Apr 28, 2025 (2 hours, 14 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32432

CVE-2024-58136

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild

Shadowserver has identified 454 SAP NetWeaver systems vulnerable to a critical zero-day vulnerability that has been actively exploited in the wild.
The vulnerability, tracked as CVE-2025-31324, all …

Published Date: Apr 28, 2025 (45 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-31324

CVE ID : CVE-2025-3989

Published : April 27, 2025, 11:15 p.m. | 3 hours, 26 minutes ago

Description : A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-3990

Published : April 27, 2025, 11:15 p.m. | 3 hours, 26 minutes ago

Description : A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this issue is some unknown functionality of the file /boafrm/formVlan. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-3991

Published : April 28, 2025, 12:15 a.m. | 2 hours, 26 minutes ago

Description : A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-26692

Published : April 28, 2025, 12:15 a.m. | 2 hours, 49 minutes ago

Description : Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory (‘Path Traversal’). If exploited, arbitrary code may be executed by a remote unauthenticated attacker with the Windows system privilege where the product is running.

Severity: 8.1 | HIGH

CVE ID : CVE-2025-27937

Published : April 28, 2025, 12:15 a.m. | 2 hours, 49 minutes ago

Description : Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory (‘Path Traversal’). If exploited, an arbitrary file in the affected product may be obtained by a remote attacker who can log in to the product.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-31144

Published : April 28, 2025, 12:15 a.m. | 2 hours, 49 minutes ago

Description : Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running.

Severity: 5.8 | MEDIUM

CVE ID : CVE-2025-3992

Published : April 28, 2025, 12:15 a.m. | 2 hours, 49 minutes ago

Description : A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-3993

Published : April 28, 2025, 1:15 a.m. | 1 hour, 25 minutes ago

Description : A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-3994

Published : April 28, 2025, 1:15 a.m. | 1 hour, 49 minutes ago

Description : A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

CVE ID : CVE-2025-3995

Published : April 28, 2025, 2:15 a.m. | 49 minutes ago

Description : A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

CVE ID : CVE-2025-3981

Published : April 27, 2025, 7:15 p.m. | 3 hours, 49 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0. This issue affects some unknown processing of the file /v1/prescription/details/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-3982

Published : April 27, 2025, 7:15 p.m. | 3 hours, 49 minutes ago

Description : A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-2866

Published : April 27, 2025, 7:15 p.m. | 3 hours, 49 minutes ago

Description : Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.

In the affected versions of LibreOffice, a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid.

This issue affects LibreOffice: from 24.8 before

Severity: 0.0 | NA
