CVE ID : CVE-2025-53867
Published : July 17, 2025, 4:15 p.m. | 2 hours, 21 minutes ago
Description : Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7338
Published : July 17, 2025, 4:15 p.m. | 2 hours, 21 minutes ago
Description : Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7339
Published : July 17, 2025, 4:15 p.m. | 2 hours, 21 minutes ago
Description : on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `
Severity: 3.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-32323
Published : July 17, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 allows a remote attacker to obtain sensitive information via the if parameter in hcit.project.rte.agents.UploadImages.class.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-23263
Published : July 17, 2025, 6:15 p.m. | 21 minutes ago
Description : NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-51497
Published : July 17, 2025, 6:15 p.m. | 21 minutes ago
Description : An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53644
Published : July 17, 2025, 6:15 p.m. | 21 minutes ago
Description : OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53638
Published : July 17, 2025, 6:15 p.m. | 21 minutes ago
Description : Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if the initialization function does not return a `bool` or some other return data. This is because regular Solidity uses `extcodesize(proxy)` to decide if call succeeds. This is insufficient in the case when the proxy points to an empty implementation. Users should upgrade to Solady v0.1.24 or later to receive a patch. Deploy any affected implementations and their factories on new EVM chains as soon as possible.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7748
Published : July 17, 2025, 6:15 p.m. | 21 minutes ago
Description : A vulnerability classified as problematic was found in ZCMS 3.6.0. This vulnerability affects unknown code of the component Create Article Page. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7747
Published : July 17, 2025, 6:15 p.m. | 21 minutes ago
Description : A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. The manipulation of the argument PPW leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7749
Published : July 17, 2025, 6:15 p.m. | 21 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /admin/getmanagerregion.php. The manipulation of the argument city leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
NVIDIA Container Toolkit Vulnerability Allows Elevated Arbitrary Code Execution
NVIDIA has released critical security updates addressing two significant vulnerabilities in its Container Toolkit and GPU Operator that could allow attackers to execute arbitrary code with elevated pe …
Read more
Published Date:
Jul 17, 2025 (5 hours, 26 minutes ago)
Vulnerabilities has been mentioned in this article.
NVIDIA Container Toolkit Vulnerabilities
July 17, 2025Executive SummaryIn July 2025, NVIDIA disclosed two serious vulnerabilities impacting its Container Toolkit and GPU Operator components. These issues affect systems running GPU workloads …
Read more
Published Date:
Jul 17, 2025 (2 hours, 47 minutes ago)
Vulnerabilities has been mentioned in this article.
Max severity Cisco ISE bug allows pre-auth command execution, patch now
A critical vulnerability (CVE-2025-20337) in Cisco’s Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root pr …
Read more
Published Date:
Jul 17, 2025 (2 hours, 31 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-20337
CVE-2025-20288
CVE-2025-20285
CVE-2025-20284
CVE-2025-20283
CVE-2025-20274
CVE-2025-20272
CVE-2025-20282
CVE-2025-20281
Chinese hackers breached National Guard to steal network configurations
The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and …
Read more
Published Date:
Jul 17, 2025 (2 hours, 22 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-3400
CVE-2023-20273
CVE-2023-20198
CVE-2018-0171
CVE ID : CVE-2025-3415
Published : July 17, 2025, 11:15 a.m. | 3 hours, 16 minutes ago
Description : Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission.
Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52933
Published : July 17, 2025, 1:15 p.m. | 1 hour, 16 minutes ago
Description : Rejected reason: 3rd party vulnerability
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5344
Published : July 17, 2025, 1:15 p.m. | 1 hour, 16 minutes ago
Description : Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider “com.bluebird.kiosk.launcher.IpartnerKioskRemoteService”. A local attacker can bind to the AIDL-type service to modify device’s global settings and wallpaper image.
This issue affects all versions before 1.1.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5345
Published : July 17, 2025, 1:15 p.m. | 1 hour, 16 minutes ago
Description : Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider “com.bluebird.system.koreanpost.IsdcardRemoteService”. A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device’s storage with system-level permissions.
Version 1.4.4 is vulnerable, vendor reverted vulnerable versions to older version: 1.3.6
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5346
Published : July 17, 2025, 1:15 p.m. | 1 hour, 16 minutes ago
Description : Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver “kr.co.bluebird.android.bbsettings.BootReceiver”. A local attacker can call the receiver to overwrite file containing “.json” keyword with default barcode config file. It is possible to overwrite file in any location due to lack of protection against path traversal in name of the file.
This issue affects all versions before 1.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…