1078 matches found
CVE-2025-2728 H3C Magic NX30 Pro/Magic NX400 getNetworkConf command injection
A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network. ...
CVE-2025-2721
Removed by vendor...
CVE-2025-2707 zhijiantianya ruoyi-vue-pro Front-End Store Interface upload path traversal
A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this issue is some unknown functionality of the file /app-api/infra/file/upload of the component Front-End Store Interface. The manipulation of the argument path leads to path...
CVE-2025-2701
creationtimestamp | type | source
---|---|---
2025-03-24 12:32:50+00:00 | seen | https://t.me/cvedetector/20949
2025-03-24 12:34:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ll4rdh3pp42x...
CVE-2025-2679 PHPGurukul Bank Locker Management System contact-us.php sql injection
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-us.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: gluoncv is a Gluon CV Toolkit. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the from_csv function in ImageClassificationDataset. An attacker can overwrite files on the victim's system by using this function to extract maliciou...
CVE-2024-12216
The CVE-2024-12216 issue affects dmlc/gluon-cv 0.10.0, specifically ImageClassificationDataset.from_csv(). The vulnerability arises because tar.gz files downloaded from URLs are extracted without proper sanitization, enabling TarSlip via path traversal or faked symlinks to overwrite arbitrary fil...
openSUSE Security Advisory (SUSE-SU-2025:0723-1)
The remote host is missing an update for the...
SUSE CVE-2022-49368
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() The "fsp->location" variable comes from user via ethtool_get_rxnfc(). Check that it is valid to prevent an out of bounds read...
Amazon Linux 2 : python-ipaddress (ALAS-2025-2761)
The version of python-ipaddress installed on the remote host is prior to 1.0.16-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2761 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as...
Uncovering and Protecting Sensitive Data Across Cloud Environments with Exposure Command
Modern organizations grapple with the complex task of securing sensitive data in sprawling hybrid and multi-cloud environments. Due to insufficient visibility and governance, data is often misplaced, duplicated, or left exposed. This fragmented environment makes it difficult for teams to accurate...
CVE-2025-1535
The CVE-2025-1535 entry relates to Baiyi Cloud Asset Management System version 8.142.100.161. A vulnerability exists in the file /wuser/admin.ticket.close.php where manipulating the ticket_id parameter causes an SQL injection. The issue is exploitable remotely, and the exploit has been disclosed ...
Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification
Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content. "Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam...
CVE-2024-27321
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...
Checkmk 2.3.0p2 / NagVis 1.9.40 Cross Site Scripting Vulnerability
Title: Checkmk NagVis Reflected Cross-site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-001.txt 1. Vulnerability Details Affected Vendor: Checkmk Affected Product: Checkmk/NagVis Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40 Platform: GNU/Linux CWE...
CVE-2024-8884
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http...
CVE-2025-0786 ESAFENET CDG appDetail.jsp sql injection
A vulnerability was found in ESAFENET CDG V5. It has been classified as critical. Affected is an unknown function of the file /appDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public...
SUSE CVE-2025-21653
In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute. syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shifting a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in...
DEBIAN-CVE-2025-21653
In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute. syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shifting a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in...
Navigating the New Era of AI Traffic: How to Identify and Block AI Scrapers
In the not-so-distant past, webmasters faced challenges from bots like Google's search spiders, which diligently scanned websites to index content and provide the best search results for users. Fast forward to today, and we are witnessing a new breed of bot: Large Language Models (LLMs) like ChatGP...