CVE ID : CVE-2025-39470
Published : April 18, 2025, 5:15 a.m. | 3 days, 20 hours ago
Description : Path Traversal: ‘…/…//’ vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through 1.6.0.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3846
Published : April 21, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3847
Published : April 21, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3849
Published : April 22, 2025, 12:15 a.m. | 2 hours, 21 minutes ago
Description : A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2987
Published : April 22, 2025, 12:15 a.m. | 2 hours, 21 minutes ago
Description : IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Severity: 3.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-58250
Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago
Description : The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3855
Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture Handler. The manipulation of the argument profile_image_file leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3850
Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3854
Published : April 22, 2025, 1:15 a.m. | 29 minutes ago
Description : A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to buffer overflow. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. Other functions might be affected as well.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3856
Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct…
Japan’s Financial Services Agency (FSA) warned last week of the growing threat of hacked trading accounts that has resulted in…
Ukrainian President Volodymyr Zelenskyy has signed a sweeping cybersecurity bill aimed at bolstering the protection of state networks and critical…
⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
Cybersecurity / Hacking News
Can a harmless click really lead to a full-blown cyberattack?
Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hid …
Read more
Published Date:
Apr 21, 2025 (11 hours, 46 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-1093
CVE-2025-3278
CVE-2025-2492
CVE-2025-32433
CVE-2025-31201
CVE-2025-31200
CVE-2025-24859
CVE-2025-24054
CVE-2024-43451
CVE-2021-20035
ASUS Urges Users to Patch AiCloud Router Vuln Immediately
Source: A_Gree via Alamy Stock PhotoNEWS BRIEFASUS recently disclosed a critical security vulnerability affecting routers that have AiCloud enabled, potentially allowing remote attackers to perform un …
Read more
Published Date:
Apr 21, 2025 (5 hours, 35 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-2492
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days
On March 11 – Patch Tuesday – Microsoft rolled out its usual buffet of bug fixes. Just eight days later, miscreants had weaponized one of the vulnerabilities, using it against government and private s …
Read more
Published Date:
Apr 21, 2025 (4 hours, 13 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-24054
Microsoft Addresses Entra ID Token Logging Issue, Alerts to Protect Users
Microsoft has acknowledged a recent issue that triggered widespread alerts in its Entra ID Protection system, flagging user accounts as high risk due to supposed credential leaks on the dark web.
The …
Read more
Published Date:
Apr 21, 2025 (2 hours, 49 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-29824
Today’s LLMs craft exploits from patches at lightning speed
The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models.
Matthew Keely, of Platform Security and penetration te …
Read more
Published Date:
Apr 21, 2025 (1 hour, 24 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-32433
CVE ID : CVE-2025-3520
Published : April 18, 2025, 2:15 a.m. | 3 days, 20 hours ago
Description : The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-42599
Published : April 18, 2025, 4:15 a.m. | 3 days, 18 hours ago
Description : Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…