Security

CVE ID : CVE-2025-43949

Published : April 22, 2025, 6:16 p.m. | 31 minutes ago

Description : MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application’s database server.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43950

Published : April 22, 2025, 6:16 p.m. | 31 minutes ago

Description : DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by placing a malicious DLL in a directory (in the absence of a legitimate DLL), which is then loaded by the application instead of the legitimate DLL. This causes the malicious DLL to load with the same privileges as the application, thus causing a privilege escalation.

Severity: 0.0 | NA


CVE ID : CVE-2025-43952

Published : April 22, 2025, 6:16 p.m. | 31 minutes ago

Description : A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440). It allows an attacker to inject malicious scripts via the IW_SessionID_ parameter.

Severity: 0.0 | NA


CVE ID : CVE-2025-43951

Published : April 22, 2025, 6:16 p.m. | 31 minutes ago

Description : LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbitrary files from the environment via the objectname request parameter.

Severity: 0.0 | NA


Update PyTorch ASAP | Kaspersky official blog

vulnerability
Researchers have found a way to exploit a security mechanism in a popular machine-learning framework.
April 22, 2025
A researcher has discovered a vulnerability in PyTorch – an open-sour …

Published Date:
Apr 22, 2025 (2 hours, 48 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32434

CVE-2018-8611

New Rust Botnet Hijacking Routers to Inject Commands Remotely

A sophisticated new botnet malware written in the Rust programming language has been discovered targeting vulnerable router devices worldwide.
Dubbed “RustoBot” due to its Rust-based implementation, t …

Published Date:
Apr 22, 2025 (2 hours, 22 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-12987

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)

There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week.
“All users running an SSH server bas …

Published Date:
Apr 22, 2025 (1 hour, 23 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32433

CVE-2021-20035

Russian Host Proton66 Tied to SuperBlack and WeaXor Ransomware

Threat actors are exploiting bulletproof hosting service Proton66 for malicious activities, including campaigns from SuperBlack ransomware operators, Android malware distribution via hacked WordPress, …

Published Date:
Apr 22, 2025 (1 hour, 6 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-0108

CVE-2024-10914

CVE-2024-41713

DOGE Big Balls Ransomware Outlook

DOGE Big Balls Ransomware is an advanced cyber extortion campaign that uniquely blends technical exploitation, misdirection tactics, and reputational attacks to confuse victims and security analysts a …

Published Date:
Apr 22, 2025 (55 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32445

CVE-2025-24054

CVE-2015-2291

CVE ID : CVE-2025-1863

Published : April 18, 2025, 6:15 a.m. | 4 days, 7 hours ago

Description : Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.
This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-3785

Published : April 18, 2025, 9:15 a.m. | 4 days, 4 hours ago

Description : A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.49 is able to address this issue. It is recommended to upgrade the affected component.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-3786

Published : April 18, 2025, 9:15 a.m. | 4 days, 4 hours ago

Description : A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-32953

Published : April 18, 2025, 9:15 p.m. | 3 days, 16 hours ago

Description : z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes the automatically generated `.git/config` file containing the run’s GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there are a few seconds in which an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in your repository. This issue has been fixed in commit bd95916.

Severity: 8.7 | HIGH


CVE ID : CVE-2024-11299

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-2092

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : Insertion of Sensitive Information into Log File in Checkmk GmbH’s Checkmk versions

Severity: 0.0 | NA


CVE ID : CVE-2025-3457

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘oceanwp_icon’ shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM


CVE ID : CVE-2025-3458

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The Classic Editor plugin must be installed and activated to exploit the vulnerability.

Severity: 6.4 | MEDIUM


CVE ID : CVE-2025-3472

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is also installed and activated.

Severity: 6.5 | MEDIUM


CVE ID : CVE-2024-40445

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : Directory Traversal vulnerability in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted file upload.

Severity: 0.0 | NA
