Security

CVE ID : CVE-2025-45237

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45238

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45239

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4050

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4051

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4052

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4096

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4282

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2545

Published : May 5, 2025, 12:15 p.m. | 3 hours, 18 minutes ago

Description : Vulnerability in Best Practical Solutions, LLC’s Request Tracker v5.0.7, where the Triple DES (3DES) cryptographic algorithm is used within SMIME code to encrypt S/MIME emails. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-28168

Published : May 5, 2025, 2:15 p.m. | 1 hour, 18 minutes ago

Description : Outsystems Multiple File Upload
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45751

Published : May 5, 2025, 2:15 p.m. | 1 hour, 18 minutes ago

Description : SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47268

Published : May 5, 2025, 2:15 p.m. | 1 hour, 18 minutes ago

Description : ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4316

Published : May 5, 2025, 2:15 p.m. | 1 hour, 18 minutes ago

Description : Improper access control in PAM feature in Devolutions Server 2025.1.6.0 and earlier allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-58098

Published : May 5, 2025, 3:15 p.m. | 18 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

bpf: track changes_pkt_data property for global functions

When processing calls to certain helpers, verifier invalidates all
packet pointers in a current state. For example, consider the
following program:

__attribute__((__noinline__))
long skb_pull_data(struct __sk_buff *sk, __u32 len)
{
return bpf_skb_pull_data(sk, len);
}

SEC(“tc”)
int test_invalidate_checks(struct __sk_buff *sk)
{
int *p = (void *)(long)sk->data;
if ((void *)(p + 1) > (void *)(long)sk->data_end) return TCX_DROP;
skb_pull_data(sk, 0);
*p = 42;
return TCX_PASS;
}

After a call to bpf_skb_pull_data() the pointer ‘p’ can’t be used
safely. See function filter.c:bpf_helper_changes_pkt_data() for a list
of such helpers.

At the moment verifier invalidates packet pointers when processing
helper function calls, and does not traverse global sub-programs when
processing calls to global sub-programs. This means that calls to
helpers done from global sub-programs do not invalidate pointers in
the caller state. E.g. the program above is unsafe, but is not
rejected by verifier.

This commit fixes the omission by computing field
bpf_subprog_info->changes_pkt_data for each sub-program before main
verification pass.
changes_pkt_data should be set if:
– subprogram calls helper for which bpf_helper_changes_pkt_data
returns true;
– subprogram calls a global function,
for which bpf_subprog_info->changes_pkt_data should be set.

The verifier.c:check_cfg() pass is modified to compute this
information. The commit relies on depth first instruction traversal
done by check_cfg() and absence of recursive function calls:
– check_cfg() would eventually visit every call to subprogram S in a
state when S is fully explored;
– when S is fully explored:
– every direct helper call within S is explored
(and thus changes_pkt_data is set if needed);
– every call to subprogram S1 called by S was visited with S1 fully
explored (and thus S inherits changes_pkt_data from S1).

The downside of such approach is that dead code elimination is not
taken into account: if a helper call inside global function is dead
because of current configuration, verifier would conservatively assume
that the call occurs for the purpose of the changes_pkt_data
computation.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-58100

Published : May 5, 2025, 3:15 p.m. | 18 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

bpf: check changes_pkt_data property for extension programs

When processing calls to global sub-programs, verifier decides whether
to invalidate all packet pointers in current state depending on the
changes_pkt_data property of the global sub-program.

Because of this, an extension program replacing a global sub-program
must be compatible with changes_pkt_data property of the sub-program
being replaced.

This commit:
– adds changes_pkt_data flag to struct bpf_prog_aux:
– this flag is set in check_cfg() for main sub-program;
– in jit_subprogs() for other sub-programs;
– modifies bpf_check_attach_btf_id() to check changes_pkt_data flag;
– moves call to check_attach_btf_id() after the call to check_cfg(),
because it needs changes_pkt_data flag to be set:

bpf_check:
… …
– check_attach_btf_id resolve_pseudo_ldimm64
resolve_pseudo_ldimm64 –> bpf_prog_is_offloaded
bpf_prog_is_offloaded check_cfg
check_cfg + check_attach_btf_id
… …

The following fields are set by check_attach_btf_id():
– env->ops
– prog->aux->attach_btf_trace
– prog->aux->attach_func_name
– prog->aux->attach_func_proto
– prog->aux->dst_trampoline
– prog->aux->mod
– prog->aux->saved_dst_attach_type
– prog->aux->saved_dst_prog_type
– prog->expected_attach_type

Neither of these fields are used by resolve_pseudo_ldimm64() or
bpf_prog_offload_verifier_prep() (for netronome and netdevsim
drivers), so the reordering is safe.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-58237

Published : May 5, 2025, 3:15 p.m. | 18 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

bpf: consider that tail calls invalidate packet pointers

Tail-called programs could execute any of the helpers that invalidate
packet pointers. Hence, conservatively assume that each tail call
invalidates packet pointers.

Making the change in bpf_helper_changes_pkt_data() automatically makes
use of check_cfg() logic that computes ‘changes_pkt_data’ effect for
global sub-programs, such that the following program could be
rejected:

int tail_call(struct __sk_buff *sk)
{
bpf_tail_call_static(sk, &jmp_table, 0);
return 0;
}

SEC(“tc”)
int not_safe(struct __sk_buff *sk)
{
int *p = (void *)(long)sk->data;
… make p valid …
tail_call(sk);
*p = 42; /* this is unsafe */
…
}

The tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that
can invalidate packet pointers. Otherwise, it can’t be freplaced with
tailcall_freplace.c:entry_freplace() that does a tail call.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47240

Published : May 5, 2025, 3:15 p.m. | 18 minutes ago

Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4271

Published : May 5, 2025, 8:15 a.m. | 3 hours, 24 minutes ago

Description : A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4270

Published : May 5, 2025, 8:15 a.m. | 3 hours, 24 minutes ago

Description : A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2905

Published : May 5, 2025, 9:15 a.m. | 2 hours, 24 minutes ago

Description : An XML External Entity (XXE) vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution.

This vulnerability can be exploited by an unauthenticated remote attacker to read files from the server’s filesystem or perform denial-of-service (DoS) attacks.

*
On systems running JDK 7 or early JDK 8, full file contents may be exposed.

*
On later versions of JDK 8 and newer, only the first line of a file may be read, due to improvements in XML parser behavior.

*
DoS attacks such as “Billion Laughs” payloads can cause service disruption.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…