Security

CVE ID : CVE-2024-40446

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-46546

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Severity: 0.0 | NA


CVE ID : CVE-2025-28032

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.

Severity: 0.0 | NA


CVE ID : CVE-2025-28033

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.

Severity: 0.0 | NA


CVE ID : CVE-2025-28034

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter.

Severity: 0.0 | NA


HPE Performance Cluster Manager Vulnerability Allow Remote Attacker to Bypass Authentication

A critical vulnerability in Hewlett Packard Enterprise's Performance Cluster Manager has been identified, enabling attackers to remotely bypass authentication safeguards.
The flaw, formally documented …

Published Date:
Apr 22, 2025 (3 hours, 49 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-27086

Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation

A security flaw has been identified in the Windows Update Stack, exposing millions of Windows systems to the risk of unauthorized code execution and privilege escalation.
Tracked as CVE-2025-21204, th …

Published Date:
Apr 22, 2025 (3 hours, 44 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-29824

CVE-2025-21204

Google’s email spoofed by cunning phisherfolk who re-used DKIM creds

Infosec In Brief Email security outfit EasyDMARC recently spotted a phishing campaign that successfully spoofed Google with a sophisticated attack.
As explained in a technical breakdown, the attackers …

Published Date:
Apr 22, 2025 (3 hours, 41 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-25234

CVE-2025-25230

CVE-2025-31201

CVE-2025-31200

CVE-2021-20035

Patching Vulnerabilities Faster Reduces Risks & Lower Cyber Risk Index

A significant correlation between vulnerability patching speed and reduced cybersecurity risks has emerged according to groundbreaking research released on March 25, 2025.
Organizations implementing r …

Published Date:
Apr 22, 2025 (3 hours, 3 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE ID : CVE-2025-39471

Published : April 18, 2025, 5:15 a.m. | 4 days, 4 hours ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pantherius Modal Survey. This issue affects Modal Survey: from n/a through 2.0.2.0.1.

Severity: 9.3 | CRITICAL


CVE ID : CVE-2025-46227

Published : April 22, 2025, 10:15 a.m. | 58 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4.

Severity: 6.5 | MEDIUM


CVE ID : CVE-2025-46228

Published : April 22, 2025, 10:15 a.m. | 58 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bastien Ho Event post allows DOM-Based XSS. This issue affects Event post: from n/a through 5.9.11.

Severity: 6.5 | MEDIUM


CVE ID : CVE-2025-46229

Published : April 22, 2025, 10:15 a.m. | 58 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Israpil Textmetrics allows Stored XSS. This issue affects Textmetrics: from n/a through 3.6.2.

Severity: 5.9 | MEDIUM


CVE ID : CVE-2025-46231

Published : April 22, 2025, 10:15 a.m. | 58 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3.

Severity: 5.4 | MEDIUM
