Security

CVE ID : CVE-2025-3606

Published : April 25, 2025, 12:15 a.m. | 2 hours, 45 minutes ago

Description : Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials, which could be used to further compromise the device.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43865

Published : April 25, 2025, 1:15 a.m. | 1 hour, 45 minutes ago

Description : React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it’s possible to modify pre-rendered data by adding a header to the request. This allows an attacker to completely spoof its contents and modify all the values of the data object passed to the HTML. This issue has been patched in version 7.5.2.

Severity: 8.2 | HIGH

CVE ID : CVE-2025-43864

Published : April 25, 2025, 1:15 a.m. | 1 hour, 45 minutes ago

Description : React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this allows the response containing the error to be cached, resulting in a cache poisoning that strongly impacts the availability of the application. This issue has been patched in version 7.5.2.

Severity: 7.5 | HIGH

Microsoft mystery folder fix might need a fix of its own

Turns out Microsoft’s latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to …
Published Date:
Apr 24, 2025 (3 hours, 55 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-21204

CVE ID : CVE-2025-43859

Published : April 24, 2025, 7:15 p.m. | 4 hours, 11 minutes ago

Description : h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11’s parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.

Severity: 9.1 | CRITICAL

CVE ID : CVE-2025-26382

Published : April 24, 2025, 8:15 p.m. | 1 hour, 48 minutes ago

Description : Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue.

Severity: 0.0 | NA

CVE ID : CVE-2022-44759

Published : April 24, 2025, 9:15 p.m. | 48 minutes ago

Description : Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications.

Severity: 4.6 | MEDIUM

CVE ID : CVE-2022-44760

Published : April 24, 2025, 9:15 p.m. | 48 minutes ago

Description : Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.

Severity: 4.6 | MEDIUM

CVE ID : CVE-2023-37516

Published : April 24, 2025, 9:15 p.m. | 48 minutes ago

Description : Missing “no cache” headers in HCL Leap permits user directory information to be cached.

Severity: 3.2 | LOW

CVE ID : CVE-2024-30127

Published : April 24, 2025, 9:15 p.m. | 48 minutes ago

Description : Missing “no cache” headers in HCL Leap permits sensitive data to be cached.

Severity: 3.2 | LOW

CVE ID : CVE-2025-25777

Published : April 24, 2025, 9:15 p.m. | 48 minutes ago

Description : Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user’s profile without proper authentication or authorization checks.

Severity: 0.0 | NA

CVE ID : CVE-2025-29529

Published : April 24, 2025, 9:15 p.m. | 48 minutes ago

Description : ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx.

Severity: 0.0 | NA

CVE ID : CVE-2025-43861

Published : April 24, 2025, 9:15 p.m. | 48 minutes ago

Description : ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the “Review Changes” dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.

Severity: 4.4 | MEDIUM

Critical Langflow Vulnerability Allows Malicious Code Injection – Technical Details Revealed

Cybersecurity researchers have uncovered a critical remote code execution (RCE) vulnerability in Langflow, an open-source platform widely used for visually composing AI-driven agents and workflows.
De …
Published Date:
Apr 24, 2025 (5 hours, 47 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-3248

Commvault RCE Vulnerability Let Attackers Breach Vault – PoC Released

A critical pre-authenticated Remote Code Execution (RCE) vulnerability affecting Commvault’s backup and data protection platform.
The vulnerability, tracked as CVE-2025-34028, could allow attackers to …
Published Date:
Apr 24, 2025 (5 hours, 47 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-34028

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)

If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been up …
Published Date:
Apr 24, 2025 (5 hours, 47 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-34028

Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Vulnerability

Cisco Systems has issued a critical security advisory confirming that multiple products across its portfolio are affected by a remote code execution (RCE) vulnerability in the Erlang/OTP SSH server (C …
Published Date:
Apr 24, 2025 (4 hours, 58 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32433

Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication

A critical vulnerability in Zyxel’s FLEX-H Series devices that enables attackers to execute arbitrary database queries and gain remote code execution capabilities without requiring authentication.
The …
Published Date:
Apr 24, 2025 (3 hours, 59 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-1732

CVE-2025-1731

Citrix NetScaler Console Vulnerability Enables Admin Access – PoC Released

A critical vulnerability in Citrix NetScaler Console allows complete unauthenticated administrative access despite being initially classified as merely a “sensitive information disclosure” issue.
The …
Published Date:
Apr 24, 2025 (3 hours, 50 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-6235