Vulnerabilities

CVE Alert: CVE-2025-50128

July 25, 2025

Vulnerability Summary: CVE-2025-50128 A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and...

CVE Alert: CVE-2025-41420

July 25, 2025

Vulnerability Summary: CVE-2025-41420 A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and...

CVE Alert: CVE-2025-36548

July 25, 2025

Vulnerability Summary: CVE-2025-36548 A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4...

CVE Alert: CVE-2025-53084

July 25, 2025

Vulnerability Summary: CVE-2025-53084 A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and...

CVE Alert: CVE-2025-31955

July 25, 2025

Vulnerability Summary: CVE-2025-31955 HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to...

CVE Alert: CVE-2025-5039

July 25, 2025

Vulnerability Summary: CVE-2025-5039 A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to...

CVE Alert: CVE-2025-45702

July 25, 2025

Vulnerability Summary: CVE-2025-45702 SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext. Affected Endpoints:...

CVE Alert: CVE-2025-48732

July 25, 2025

Vulnerability Summary: CVE-2025-48732 An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff....

CVE Alert: CVE-2025-8115

July 25, 2025

Vulnerability Summary: CVE-2025-8115 A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected...

CVE Alert: CVE-2025-31952

July 25, 2025

Vulnerability Summary: CVE-2025-31952 HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless...

CVE Alert: CVE-2025-31953

July 25, 2025

Vulnerability Summary: CVE-2025-31953 HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or...

CVE Alert: CVE-2025-8123

July 25, 2025

Vulnerability Summary: CVE-2025-8123 A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been classified as critical. Affected...

CVE Alert: CVE-2025-3614

July 25, 2025

Vulnerability Summary: CVE-2025-3614 The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...

CVE Alert: CVE-2025-6260

July 25, 2025

Vulnerability Summary: CVE-2025-6260 The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers,...

CVE Alert: CVE-2025-54454

July 25, 2025

Vulnerability Summary: CVE-2025-54454 Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO...

CVE Alert: CVE-2025-54451

July 25, 2025

Vulnerability Summary: CVE-2025-54451 Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code...

CVE Alert: CVE-2025-54453

July 25, 2025

Vulnerability Summary: CVE-2025-54453 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9...

CVE Alert: CVE-2025-54441

July 25, 2025

Vulnerability Summary: CVE-2025-54441 Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This...

CVE Alert: CVE-2025-54452

July 25, 2025

Vulnerability Summary: CVE-2025-54452 Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server:...

CVE Alert: CVE-2025-54450

July 25, 2025

Vulnerability Summary: CVE-2025-54450 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9...

CVE Alert: CVE-2025-54455

July 25, 2025

Vulnerability Summary: CVE-2025-54455 Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO...

CVE Alert: CVE-2025-54449

July 25, 2025

Vulnerability Summary: CVE-2025-54449 Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This...

CVE Alert: CVE-2025-6174

July 25, 2025

Vulnerability Summary: CVE-2025-6174 The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the...

CVE Alert: CVE-2025-54448

July 25, 2025

Vulnerability Summary: CVE-2025-54448 Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This...

Vulnerabilities

CVE Alert: CVE-2025-50128

CVE Alert: CVE-2025-41420

CVE Alert: CVE-2025-36548

CVE Alert: CVE-2025-53084

CVE Alert: CVE-2025-31955

CVE Alert: CVE-2025-5039

CVE Alert: CVE-2025-45702

CVE Alert: CVE-2025-48732

CVE Alert: CVE-2025-8115

CVE Alert: CVE-2025-31952

CVE Alert: CVE-2025-31953

CVE Alert: CVE-2025-8123

CVE Alert: CVE-2025-3614

CVE Alert: CVE-2025-6260

CVE Alert: CVE-2025-54454

CVE Alert: CVE-2025-54451

CVE Alert: CVE-2025-54453

CVE Alert: CVE-2025-54441

CVE Alert: CVE-2025-54452

CVE Alert: CVE-2025-54450

CVE Alert: CVE-2025-54455

CVE Alert: CVE-2025-54449

CVE Alert: CVE-2025-6174

CVE Alert: CVE-2025-54448

HackerOne Bug Bounty Disclosure: stack-buffer-overflow-in-curl-cookie-parsing-leads-to-rce-batuhanilgarr

BugCrowd Bug Bounty Disclosure: P3 – Publicly Editable Google Docs Linked from NASA SnowEx PPT –

BugCrowd Bug Bounty Disclosure: P3 – Details of the collaboration between NASA and Inmarsat Government and the type of contract –

Apple Products Multiple Vulnerabilities

Miljödata – 870,108 breached accounts

You may have missed