Security

CVE ID : CVE-2025-3491

Published : April 26, 2025, 6:15 a.m. | 1 hour, 13 minutes ago

Description : The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the ‘acpt_validate_setting’ function. This is due to insufficient sanitization of the ‘template_name’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.

Severity: 7.2 | HIGH


CVE ID : CVE-2025-3915

Published : April 26, 2025, 6:15 a.m. | 1 hour, 13 minutes ago

Description : The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘aeropageDeletePost’ function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.

Severity: 4.3 | MEDIUM


NVIDIA Releases Security Update to Address GPU Driver Vulnerabilities

NVIDIA has issued a software security update for its GPU Display Driver to address multiple vulnerabilities. The vulnerabilities affect both the NVIDIA GPU Display Driver and the NVIDIA VGPU Software …

Published Date:
Apr 26, 2025 (2 hours, 18 minutes ago)

Vulnerabilities have been mentioned in this article.

DslogdRAT Malware Targets Ivanti Connect Secure via CVE-2025-0282 Zero-Day Exploit

A newly published report by Yuma Masubuchi from the JPCERT Coordination Center (JPCERT/CC) has uncovered the deployment of a stealthy remote access trojan dubbed DslogdRAT, which was installed on comp …

Published Date:
Apr 26, 2025 (2 hours, 8 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-0282

CVE-2024-21762

CVE-2022-47945

ConnectWise Patches Critical ViewState RCE Vulnerability in ScreenConnect

ConnectWise has issued an important security bulletin addressing a critical code injection vulnerability in ScreenConnect versions 25.2.3 and earlier. Tracked as CVE-2025-3935 (CVSS 8.1), the flaw invo …

Published Date:
Apr 26, 2025 (2 hours, 3 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-3935

CVE-2025-0282

More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans

Ivanti VPN users should stay alert as IP scanning for the vendor’s Connect Secure and Pulse Secure systems surged by 800 percent last week, according to threat intel biz GreyNoise.
The team at the int …

Published Date:
Apr 25, 2025 (3 hours, 20 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-0282

Craft CMS RCE exploit chain used in zero-day attacks to steal data

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense.
The vulnerabilitie …

Published Date:
Apr 25, 2025 (2 hours, 35 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32432

CVE-2024-58136

CVE-2025-23209

Critical Commvault Flaw Allows Full System Takeover – Update NOW

Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to run code remotely and gain full control.
A severe security …

Published Date:
Apr 25, 2025 (1 hour, 46 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-34028

CVE-2024-27564

CVE ID : CVE-2025-28128

Published : April 25, 2025, 8:15 p.m. | 2 hours, 46 minutes ago

Description : An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request.

Severity: 7.0 | HIGH


CVE ID : CVE-2025-32979

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users.

Severity: 0.0 | NA


CVE ID : CVE-2025-32980

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 has a Weak Sudo Configuration.

Severity: 0.0 | NA


CVE ID : CVE-2025-32982

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module.

Severity: 0.0 | NA


CVE ID : CVE-2025-32981

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File.

Severity: 0.0 | NA


CVE ID : CVE-2025-32983

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-32984

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter.

Severity: 6.1 | MEDIUM


CVE ID : CVE-2025-32985

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.

Severity: 0.0 | NA


CVE ID : CVE-2025-46333

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : z2d is a pure Zig 2D graphics library. In version 0.6.0, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, the source surface can be completely out-of-bounds on the x-axis (but not on the y-axis) by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version 0.6.1.

Severity: 0.0 | NA


CVE ID : CVE-2025-32986

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint.

Severity: 0.0 | NA


Windows “inetpub” security fix can be abused to block future updates

A recent Windows security update that creates an ‘inetpub’ folder has introduced a new weakness allowing attackers to prevent the installation of future updates.
After people installed this month’s Mi …

Published Date:
Apr 25, 2025 (3 hours, 52 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-21204

SAP releases emergency patch for actively exploited NetWeaver vulnerability

SAP has released an emergency patch for an actively exploited critical vulnerability in NetWeaver. “The vulnerability gives attackers full control over SAP business data and processes, including …

Published Date:
Apr 25, 2025 (3 hours, 50 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-31324