Palo Alto Networks Security Advisories /PAN-SA-2025-0009PAN-SA-2025-0009 Chromium: Monthly Vulnerability Update (May 2025)UrgencyMODERATE047910Severity7.6 ·HIGHExploit MaturityUNREPORTEDResponse EffortLOWRecoveryUSERValue DensityDIFFUSEAttack VectorNETWORKAttack ComplexityLOWAttack RequirementsNONEAutomatableNOUser InteractionACTIVEProduct...
Palo Alto Networks Security Advisories /CVE-2025-0130CVE-2025-0130 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted...
Palo Alto Networks Security Advisories /CVE-2025-0132CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable Internal ServicesUrgencyMODERATE047910Severity2.7 ·LOWExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityCONCENTRATEDAttack...
Vulnerability Summary: CVE-2025-4552 A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by...
Vulnerability Summary: CVE-2025-4554 A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical....
Vulnerability Summary: CVE-2025-4553 A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by...
Vulnerability Summary: CVE-2025-3597 The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing...
Vulnerability Summary: CVE-2025-4558 The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change...
Vulnerability Summary: CVE-2025-4556 The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload...
Vulnerability Summary: CVE-2025-4557 The specific APIs of Parking Management System from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated...
Vulnerability Summary: CVE-2025-4555 The web management interface of Okcat Parking Management Platform from ZONG YU has a Missing Authentication vulnerability,...
Vulnerability Summary: CVE-2025-4561 The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privilege to...
Vulnerability Summary: CVE-2025-4559 The ISOinsight from Netvision has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL...
Vulnerability Summary: CVE-2025-41393 Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web...
Vulnerability Summary: CVE-2025-3649 The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs,...
Vulnerability Summary: CVE-2025-4560 The ISOinsight from Netvision has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access certain system...
Vulnerability Summary: CVE-2025-3496 An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS...
Vulnerability Summary: CVE-2024-56524 Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding...
Vulnerability Summary: CVE-2025-22247 VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest...
Vulnerability Summary: CVE-2025-47270 nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The...
Vulnerability Summary: CVE-2025-45835 A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8...
Vulnerability Summary: CVE-2024-56523 Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing...
Vulnerability Summary: CVE-2025-26846 An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic...
Vulnerability Summary: CVE-2025-26841 Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code...
