Security

CVE ID : CVE-2025-46833

Published : May 8, 2025, 8:15 p.m. | 3 hours, 22 minutes ago

Description : Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4475

Published : May 8, 2025, 8:15 p.m. | 3 hours, 22 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-31585

Published : May 8, 2025, 9:15 p.m. | 2 hours, 22 minutes ago

Description : Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-28074

Published : May 8, 2025, 9:15 p.m. | 2 hours, 22 minutes ago

Description : phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1329

Published : May 8, 2025, 10:15 p.m. | 1 hour, 22 minutes ago

Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the

gethostbyaddr

function.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1331

Published : May 8, 2025, 10:15 p.m. | 1 hour, 22 minutes ago

Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1330

Published : May 8, 2025, 10:15 p.m. | 1 hour, 22 minutes ago

Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1  could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-27578

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-27720

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-29813

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project.
To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one.
The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-29827

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-29972

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-31946

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.

Severity: 6.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-33072

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : Improper access control in Azure allows an unauthorized attacker to disclose information over a network.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47732

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : Microsoft Dataverse Remote Code Execution Vulnerability

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47733

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4440

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : A vulnerability was found in H3C GR-1800AX up to 100R008 and classified as critical. Affected by this issue is the function EnableIpv6 of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4107

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4441

Published : May 8, 2025, 11:15 p.m. | 22 minutes ago

Description : A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-51328

Published : May 8, 2025, 4:15 p.m. | 3 hours, 22 minutes ago

Description : PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the “c_name, name” parameters.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…