Security

CVE ID : CVE-2025-4088

Published : April 29, 2025, 2:15 p.m. | 1 hour, 48 minutes ago

Description : A security vulnerability in Firefox allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4089

Published : April 29, 2025, 2:15 p.m. | 1 hour, 48 minutes ago

Description : Due to insufficient escaping of special characters in the “copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user’s system. This vulnerability affects Firefox
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4090

Published : April 29, 2025, 2:15 p.m. | 1 hour, 48 minutes ago

Description : A vulnerability existed in Firefox for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4091

Published : April 29, 2025, 2:15 p.m. | 1 hour, 48 minutes ago

Description : Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4093

Published : April 29, 2025, 2:15 p.m. | 1 hour, 48 minutes ago

Description : Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4083

Published : April 29, 2025, 2:15 p.m. | 1 hour, 48 minutes ago

Description : A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document’s process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4065

Published : April 29, 2025, 3:15 p.m. | 47 minutes ago

Description : A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4066

Published : April 29, 2025, 3:15 p.m. | 47 minutes ago

Description : A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4067

Published : April 29, 2025, 3:15 p.m. | 47 minutes ago

Description : A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some…

Your iPhone isn’t necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch…

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have…

By Salleh Kodri, SE Regional Manager, Cyble 2024 wasn’t just another year in Malaysia’s digital journey — it was a wake-up…

In an engaging video podcast with Mihir Bagwe of The Cyber Express, Kapil Yewale, Head of Cybersecurity at Clearview, shared…

If you thought only your boss was peeking at your work screen, think again. Employee-monitoring tool Work Composer has committed…

The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during the…

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying…

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

Microsoft has addressed 121 vulnerabilities in its April 2025 security update release. This month’s patches include fixes for one actively exploited zero-day vulnerability and 11 Critical vulnerabilit …
Read more

Published Date:
Apr 28, 2025 (21 hours, 47 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-29824

CVE-2025-29791

CVE-2025-27752

CVE-2025-27749

CVE-2025-27748

CVE-2025-27745

CVE-2025-27738

CVE-2025-27491

CVE-2025-27482

CVE-2025-27480

CVE-2025-26686

CVE-2025-26670

CVE-2025-26663

CVE-2025-26647

CVE-2025-21197

Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis

Written by: Casey Charrier, James Sadowski, Clement Lecigne, Vlad Stolyarov
Executive Summary
Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, …
Read more

Published Date:
Apr 29, 2025 (7 hours, 42 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-22457

CVE-2024-55956

CVE-2024-53104

CVE-2024-44309

CVE-2024-44308

CVE-2024-49039

CVE-2024-9680

CVE-2024-38178

CVE-2024-32896

CVE-2024-29748

CVE-2024-29745

CVE-2024-21338

CVE-2024-21887

CVE-2023-46805

CVE-2023-36884

Hackers Exploit Craft CMS Flaws: A Deep Dive into CVE-2025–32432

Imagine running a sleek website powered by Craft CMS, only to discover that hackers have slipped through the digital backdoor, wreaking havoc on your server. Sounds like a nightmare, right? 😱 Well, th …
Read more

Published Date:
Apr 29, 2025 (4 hours, 49 minutes ago)

Vulnerabilities has been mentioned in this article.