February 2025

CVE-2024-45426 – Zoom Workplace Apps Information Disclosure Vulnerability

CVE ID : CVE-2024-45426 Published : Feb. 25, 2025, 8:15 p.m. | 27 minutes ago Description : Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. Severity: 4.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and […]

CVE-2025-27142 – LocalSend Path Traversal Remote Command Execution

CVE ID : CVE-2025-27142 Published : Feb. 25, 2025, 8:15 p.m. | 26 minutes ago Description : LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path

CVE-2025-27110 – Libmodsecurity3 HTML Entity Decoding Vulnerability

CVE ID : CVE-2025-27110 Published : Feb. 25, 2025, 8:15 p.m. | 27 minutes ago Description : Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that,

CVE-2025-27146 – Matrix Appservice IRC Arbitrary IRC Command Execution Vulnerability

CVE ID : CVE-2025-27146 Published : Feb. 25, 2025, 8:15 p.m. | 26 minutes ago Description : matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

Endpoint Security / Vulnerability Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR St … Published Date: Feb 24, 2025 (2 hours, 45 minutes ago) Vulnerabilities has

CVE-2025-22495 – “Network-M2 NTP Server Configuration Command Injection Vulnerability”

CVE ID : CVE-2025-22495 Published : Feb. 24, 2025, 5:15 p.m. | 52 minutes ago Description : An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in

CVE-2025-26200 – SLIMS SQL Injection Privilege Escalation

CVE ID : CVE-2025-26200 Published : Feb. 24, 2025, 5:15 p.m. | 52 minutes ago Description : SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-13728 – WordPress Accept Donations with PayPal & Stripe Reflected Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-13728 Published : Feb. 23, 2025, 6:15 a.m. | 2 hours, 23 minutes ago Description : The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes
