Security

CVE ID : CVE-2025-5078

Published : May 22, 2025, 2:16 p.m. | 2 hours, 30 minutes ago

Description : A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/subcategory.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5077

Published : May 22, 2025, 2:16 p.m. | 2 hours, 30 minutes ago

Description : A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-54188

Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago

Description : Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-12093

Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0605

Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0993

Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32813

Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago

Description : An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32815

Published : May 22, 2025, 3:16 p.m. | 1 hour, 30 minutes ago

Description : An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32915

Published : May 22, 2025, 3:16 p.m. | 1 hour, 30 minutes ago

Description : Packages downloaded by Checkmk’s automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0679

Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32814

Published : May 22, 2025, 3:16 p.m. | 1 hour, 30 minutes ago

Description : An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5024

Published : May 22, 2025, 3:16 p.m. | 1 hour, 30 minutes ago

Description : A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45471

Published : May 22, 2025, 3:16 p.m. | 1 hour, 30 minutes ago

Description : Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5080

Published : May 22, 2025, 3:16 p.m. | 1 hour, 30 minutes ago

Description : A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function webExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5079

Published : May 22, 2025, 3:16 p.m. | 1 hour, 30 minutes ago

Description : A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/updateorder.php. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-23182

Published : May 22, 2025, 4:15 p.m. | 31 minutes ago

Description : CWE-203: Observable Discrepancy

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-23183

Published : May 22, 2025, 4:15 p.m. | 31 minutes ago

Description : CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2506

Published : May 22, 2025, 4:15 p.m. | 31 minutes ago

Description : When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it is running on a replication connection but does not perform this check. This vulnerability was introduced in the pglogical 3.x codebase, which is proprietary to EDB. The same code base has been integrated into BDR/PGD 4 and 5.
To exploit the vulnerability the attacker needs at least CONNECT permissions to a database configured for replication and must understand a number of pglogical3/BDR specific commands and be able to decode the binary protocol.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45468

Published : May 22, 2025, 4:15 p.m. | 31 minutes ago

Description : Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4366

Published : May 22, 2025, 4:15 p.m. | 31 minutes ago

Description : A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.

Fixed in:  https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff

Impact: The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…