Security

CVE ID : CVE-2025-3706

Published : April 28, 2025, 3:15 a.m. | 5 hours, 13 minutes ago

Description : The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user’s browser through phishing attacks.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3997

Published : April 28, 2025, 3:15 a.m. | 5 hours, 13 minutes ago

Description : A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-3998

Published : April 28, 2025, 4:15 a.m. | 4 hours, 13 minutes ago

Description : A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-3999

Published : April 28, 2025, 4:15 a.m. | 4 hours, 13 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. This issue affects some unknown processing of the file seeyonoptSeeyonA8ApacheJetspeedwebappsseeyoncommonjsaddDatedate.jsp of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

CVE ID : CVE-2025-4000

Published : April 28, 2025, 4:15 a.m. | 4 hours, 13 minutes ago

Description : A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the file seeyonoptSeeyonA8ApacheJetspeedwebappsseeyonssoproxyjspssoproxy.jsp. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

CVE ID : CVE-2025-4001

Published : April 28, 2025, 5:15 a.m. | 3 hours, 13 minutes ago

Description : A vulnerability has been found in scipopt scip up to 9.2.1 and classified as problematic. Affected by this vulnerability is the function main of the file examples/LOP/src/genRandomLOPInstance.c of the component File Descriptor Handler. The manipulation of the argument File leads to uncontrolled file descriptor consumption. Local access is required to approach this attack. Upgrading to version 9.2.2 is able to address this issue. The identifier of the patch is d6da63b941216d75fbc1aefea9abf1de6712a2d0. It is recommended to upgrade the affected component.

Severity: 3.3 | LOW

CVE ID : CVE-2025-4002

Published : April 28, 2025, 5:15 a.m. | 3 hours, 13 minutes ago

Description : A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue.

Severity: 5.5 | MEDIUM

CVE ID : CVE-2024-13688

Published : April 28, 2025, 6:15 a.m. | 2 hours, 13 minutes ago

Description : The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing an attacker to bypass the protection offered via a crafted request.

Severity: 0.0 | NA

CVE ID : CVE-2024-9771

Published : April 28, 2025, 6:15 a.m. | 2 hours, 13 minutes ago

Description : The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

CVE ID : CVE-2025-0627

Published : April 28, 2025, 6:15 a.m. | 2 hours, 13 minutes ago

Description : The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

CVE ID : CVE-2025-4003

Published : April 28, 2025, 6:15 a.m. | 2 hours, 13 minutes ago

Description : A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB. It has been classified as problematic. This affects the function InternalApfsTranslateBlock of the file Library/RP_ApfsLib/RP_ApfsIo.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The patch is named 4d35125ca689a255647e9033dd60c257d26df7cb. It is recommended to apply a patch to fix this issue.

Severity: 5.5 | MEDIUM

CVE ID : CVE-2025-4004

Published : April 28, 2025, 6:15 a.m. | 2 hours, 13 minutes ago

Description : A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /password-recovery.php. The manipulation of the argument contactno leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-4005

Published : April 28, 2025, 7:15 a.m. | 1 hour, 13 minutes ago

Description : A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /patient-report.php. The manipulation of the argument searchdata leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-4006

Published : April 28, 2025, 7:15 a.m. | 1 hour, 13 minutes ago

Description : A vulnerability classified as critical has been found in youyiio BeyongCms 1.6.0. Affected is an unknown function of the file /admin/theme/Upload.html of the component Document Management Page. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.7 | MEDIUM

Multiple Vulnerabilities in NETSCOUT nGeniusONE Threaten Infrastructure Visibility Platforms

NETSCOUT has issued an advisory addressing a series of security vulnerabilities in its flagship infrastructure monitoring platform, nGeniusONE.
NETSCOUT’s nGeniusONE solution is a powerful tool, provid …

Published Date:
Apr 28, 2025 (2 hours, 54 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32986

CVE-2025-32985

CVE-2025-32984

CVE-2025-32983

CVE-2025-32982

CVE-2025-32981

CVE-2025-32980

CVE-2025-32979

CVE-2023-43791

CVE-2025-23016: Critical FastCGI Heap Overflow Threatens Embedded Devices, PoC Releases

Security researcher Baptiste Mayaud from Synacktiv has detailed a critical vulnerability in the FastCGI library, tracked as CVE-2025-23016 (CVSS 9.4). The flaw, which stems from improper handling of p …

Published Date:
Apr 28, 2025 (2 hours, 43 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-23016

React Router Vulnerabilities CVE-2025-43864 and CVE-2025-43865 Expose Web Applications to Attack

The React Router team has issued an advisory addressing two vulnerabilities affecting applications running in Framework mode: CVE-2025-43864 and CVE-2025-43865. Given React Router’s widespread usage …

Published Date:
Apr 28, 2025 (2 hours, 30 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-43865

CVE-2025-43864

CVE-2025-31137

CVE-2023-4211

Critical Flaw Exposes Linux Security Blind Spot: io_uring Bypasses Detection

ARMO researchers have uncovered a critical weakness in Linux runtime security tools, revealing how the io_uring interface enables rootkits to operate undetected by conventional monitoring solutions. T …

Published Date:
Apr 28, 2025 (2 hours, 24 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-43865

CVE-2025-43864

CVE-2022-2602

CVE-2022-1786

CISA Warns of Critical Vulnerabilities in Planet Technology Products

CISA has issued a new security advisory highlighting critical vulnerabilities impacting several Planet Technology products, including UNI-NMS-Lite, NMS-500, NMS-1000V, WGS-804HPT-V2, and WGS-4215-8T2S …

Published Date:
Apr 28, 2025 (2 hours, 19 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32432

CVE-2025-46275

CVE-2025-46274

CVE-2025-46273

CVE-2025-46272

CVE-2025-46271

CVE-2024-52320

CVE-2024-8456

Craft CMS Zero-Day CVE-2025-32432 Exploited with Metasploit Module Now Public

Security researcher Chocapikk has published a Metasploit module for a critical zero-day vulnerability impacting Craft CMS, tracked as CVE-2025-32432 (CVSS 10). This remote code execu …

Published Date:
Apr 28, 2025 (2 hours, 14 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32432

CVE-2024-58136