CVE ID : CVE-2025-46577
Published : April 27, 2025, 2:15 a.m. | 48 minutes ago
Description : There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46578
Published : April 27, 2025, 2:15 a.m. | 48 minutes ago
Description : There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46579
Published : April 27, 2025, 2:15 a.m. | 48 minutes ago
Description : There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Look out for AI-generated ‘TikDocs’ who exploit the public’s trust in the medical profession to drive sales of sketchy supplements…
Critical Commvault Flaw Rated 10/10: CSA Urges Immediate Patching
The Cyber Security Agency of Singapore (CSA) has warned users about a critical vulnerability affecting the Commvault Command Center. This Commvault vulnerability, identified as CVE-2025-34028, has bee …
Read more
Published Date:
Apr 25, 2025 (1 day, 11 hours ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-34028
CVE-2025-29824
CVE-2025-30406
CVE ID : CVE-2025-46653
Published : April 26, 2025, 9:15 p.m. | 1 hour, 48 minutes ago
Description : Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not “cryptographically secure.” (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46654
Published : April 26, 2025, 9:15 p.m. | 1 hour, 48 minutes ago
Description : CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46655
Published : April 26, 2025, 9:15 p.m. | 1 hour, 48 minutes ago
Description : CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3954
Published : April 26, 2025, 10:15 p.m. | 48 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46656
Published : April 26, 2025, 10:15 p.m. | 48 minutes ago
Description : python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to through . This causes memory consumption.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-53636
Published : April 26, 2025, 3:15 p.m. | 3 hours, 47 minutes ago
Description : An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46646
Published : April 26, 2025, 3:15 p.m. | 3 hours, 47 minutes ago
Description : In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46652
Published : April 26, 2025, 6:15 p.m. | 48 minutes ago
Description : In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers
Vulnerability / Enterprise Security
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code e …
Read more
Published Date:
Apr 25, 2025 (1 day, 3 hours ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31324
CVE-2017-12637
CVE-2017-9844
Planet Technology Industrial Switch Flaws Risk Full Takeover – Patch Now
Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control. Learn about the flaws, affected models and …
Read more
Published Date:
Apr 26, 2025 (1 hour, 47 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-46275
CVE-2025-46274
CVE-2025-46273
CVE-2025-46272
CVE-2025-46271
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over…
Grootschalig misbruik van kritieke kwetsbaarheden in Craft CMS gemeld
Aanvallers maken op grote schaal misbruik van kritieke kwetsbaarheden in Craft CMS, zo meldt CERT Orange Cyberdefense. Updates zijn inmiddels beschikbaar, maar websites zijn al voor het uitkomen van d …
Read more
Published Date:
Apr 26, 2025 (2 hours, 4 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-32432
CVE-2024-58136
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells
A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how to check if your SAP Java systems are affected and the immediate steps to …
Read more
Published Date:
Apr 26, 2025 (19 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31324
CVE ID : CVE-2025-2811
Published : April 26, 2025, 7:15 a.m. | 4 hours, 49 minutes ago
Description : A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2851
Published : April 26, 2025, 8:15 a.m. | 3 hours, 49 minutes ago
Description : A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…