CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-31328 - SAP Learning Solution CSRF Vulnerability

CVE ID : CVE-2025-31328
Published : April 22, 2025, 7:15 p.m. | 1 hour, 23 minutes ago
Description : SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick an authenticated user into sending unintended requests to the server. A GET-based OData function is named in a way that violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26159 - Laravel Starter XSS in Tag Name Field

CVE ID : CVE-2025-26159
Published : April 22, 2025, 8:15 p.m. | 23 minutes ago
Description : Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability to create or modify tags can inject malicious JavaScript code in the name field.
Severity: 0.0 | NA
CVE-2025-29743 - D-Link DIR-816 Command Injection Vulnerability

CVE ID : CVE-2025-29743
Published : April 22, 2025, 8:15 p.m. | 23 minutes ago
Description : D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.
Severity: 0.0 | NA
CVE-2025-32965 - XRP Ledger Malicious Code Exfiltration in xrpl.js

CVE ID : CVE-2025-32965
Published : April 22, 2025, 9:15 p.m. | 3 hours, 25 minutes ago
Description : xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely to lead to exploitation as it is not compatible with other 2.x versions. Anyone who used one of these versions should stop immediately and rotate any private keys or secrets used with affected systems. Users of xrpl.js should upgrade to version 4.2.5 or 2.14.3 to receive a patch. To secure funds, think carefully about whether any keys may have been compromised by this supply chain attack, and mitigate by sending funds to secure wallets, and/or rotating keys. If any account's master key is potentially compromised, disable the key.
Severity: 0.0 | NA
CVE-2025-37087 - HPE Performance Cluster Manager (HPCM) Arbitrary File Access Vulnerability

CVE ID : CVE-2025-37087
Published : April 22, 2025, 9:15 p.m. | 3 hours, 25 minutes ago
Description : A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host.
Severity: 0.0 | NA
CVE-2025-27087 - Cray Operating System (COS) Kernel Local Denial of Service (DoS)

CVE ID : CVE-2025-27087
Published : April 22, 2025, 10:15 p.m. | 2 hours, 25 minutes ago
Description : A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.
Severity: 0.0 | NA
CVE-2025-37088 - HPE Cray Data Virtualization Service (DVS) Authentication Bypass Vulnerability

CVE ID : CVE-2025-37088
Published : April 22, 2025, 10:15 p.m. | 2 hours, 25 minutes ago
Description : A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access.
Severity: 0.0 | NA
CVE-2025-3441 - CVE-2022-1234: Adobe Flash Type Confusion Vulnerability

CVE ID : CVE-2025-3441
Published : April 22, 2025, 11:15 p.m. | 1 hour, 25 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
CVE-2025-1021 - Synology DiskStation Manager (DSM) File Disclosure

CVE ID : CVE-2025-1021
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.
Severity: 7.5 | HIGH
CVE-2025-46216 - Apache HTTP Server HTTP Request Smuggling

CVE ID : CVE-2025-46216
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-46217 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-46217
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-46218 - Microsoft Azure AD Authentication

CVE ID : CVE-2025-46218
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-46219 - Apache HTTP Server Command Injection

CVE ID : CVE-2025-46219
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-46220 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-46220
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-46221 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-46221
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-46222 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-46222
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-46223 - Apache HTTP Server Information Disclosure

CVE ID : CVE-2025-46223
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-46224 - Dropbox Authentication Bypass

CVE ID : CVE-2025-46224
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-0926 - Axis Camera Station Pro File Deletion Privilege Escalation Vulnerability

CVE ID : CVE-2025-0926
Published : April 23, 2025, 6:15 a.m. | 2 hours, 25 minutes ago
Description : Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Severity: 5.9 | MEDIUM
CVE-2025-1056 - Axis Camera Station Pro File Path Traversal Vulnerability

CVE ID : CVE-2025-1056
Published : April 23, 2025, 6:15 a.m. | 2 hours, 25 minutes ago
Description : Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Severity: 6.1 | MEDIUM
CVE-2025-0618 - FireEye EDR Agent Persistent Denial of Service Vulnerability

CVE ID : CVE-2025-0618
Published : April 23, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protection events from being processed, even after a reboot of HX.
Severity: 6.5 | MEDIUM