CVE

CVE Alert: CVE-2025-23175

April 23, 2025

Vulnerability Summary: CVE-2025-23175 Multiple XSS (CWE-79) Affected Endpoints: No affected endpoints listed. Published Date: 4/22/2025, 1:15:42 PM ⚠️ CVSS Score:...

CVE Alert: CVE-2025-23250

April 23, 2025

Vulnerability Summary: CVE-2025-23250 NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname...

CVE Alert: CVE-2025-23249

April 23, 2025

Vulnerability Summary: CVE-2025-23249 NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by...

CVE Alert: CVE-2025-29547

April 23, 2025

Vulnerability Summary: CVE-2025-29547 In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a denial of...

CVE Alert: CVE-2025-1950

April 23, 2025

Vulnerability Summary: CVE-2025-1950 IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute...

CVE Alert: CVE-2025-23251

April 23, 2025

Vulnerability Summary: CVE-2025-23251 NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of...

CVE Alert: CVE-2025-3767

April 23, 2025

Vulnerability Summary: CVE-2025-3767 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean...

CVE Alert: CVE-2025-34028

April 23, 2025

Vulnerability Summary: CVE-2025-34028 A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP...

CVE Alert: CVE-2025-28031

April 23, 2025

Vulnerability Summary: CVE-2025-28031 TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini. Affected...

CVE Alert: CVE-2024-33452

April 23, 2025

Vulnerability Summary: CVE-2024-33452 An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling...

CVE Alert: CVE-2025-27907

April 23, 2025

Vulnerability Summary: CVE-2025-27907 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow...

CVE Alert: CVE-2025-32950

April 23, 2025

Vulnerability Summary: CVE-2025-32950 Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In...

CVE Alert: CVE-2025-32951

April 23, 2025

Vulnerability Summary: CVE-2025-32951 Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In...

CVE Alert: CVE-2025-28039

April 23, 2025

Vulnerability Summary: CVE-2025-28039 TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function...

CVE Alert: CVE-2025-32788

April 23, 2025

Vulnerability Summary: CVE-2025-32788 OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3,...

CVE Alert: CVE-2025-28038

April 23, 2025

Vulnerability Summary: CVE-2025-28038 TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function...

CVE Alert: CVE-2025-32961

April 23, 2025

Vulnerability Summary: CVE-2025-32961 The Cuba JPA web API enables loading and saving any entities defined in the application data model...

CVE Alert: CVE-2025-32964

April 23, 2025

Vulnerability Summary: CVE-2025-32964 ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a...

CVE Alert: CVE-2025-32952

April 23, 2025

Vulnerability Summary: CVE-2025-32952 Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In...

CVE Alert: CVE-2025-32960

April 23, 2025

Vulnerability Summary: CVE-2025-32960 The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input...

CVE Alert: CVE-2025-32959

April 23, 2025

Vulnerability Summary: CVE-2025-32959 CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local...

CVE Alert: CVE-2025-43948

April 23, 2025

Vulnerability Summary: CVE-2025-43948 Codemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input value...

CVE Alert: CVE-2025-43947

April 23, 2025

Vulnerability Summary: CVE-2025-43947 Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all...

CVE Alert: CVE-2025-43952

April 23, 2025

Vulnerability Summary: CVE-2025-43952 A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440)....

CVE

CVE Alert: CVE-2025-23175

CVE Alert: CVE-2025-23250

CVE Alert: CVE-2025-23249

CVE Alert: CVE-2025-29547

CVE Alert: CVE-2025-1950

CVE Alert: CVE-2025-23251

CVE Alert: CVE-2025-3767

CVE Alert: CVE-2025-34028

CVE Alert: CVE-2025-28031

CVE Alert: CVE-2024-33452

CVE Alert: CVE-2025-27907

CVE Alert: CVE-2025-32950

CVE Alert: CVE-2025-32951

CVE Alert: CVE-2025-28039

CVE Alert: CVE-2025-32788

CVE Alert: CVE-2025-28038

CVE Alert: CVE-2025-32961

CVE Alert: CVE-2025-32964

CVE Alert: CVE-2025-32952

CVE Alert: CVE-2025-32960

CVE Alert: CVE-2025-32959

CVE Alert: CVE-2025-43948

CVE Alert: CVE-2025-43947

CVE Alert: CVE-2025-43952

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-glue-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-cloudwatch-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

HackerOne Bug Bounty Disclosure: non-production-api-endpoint-for-the-elasticache-service-fails-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

[HUNTERS] – Ransomware Victim: Kenworth Del Sur

[LYNX] – Ransomware Victim: shgcpa[.]com

You may have missed