GOnnect is an opinionated, simple, easy-to-use VoIP client, designed for Flatpak-based installations. The post GOnnect – easy…
Happy Friday. For those of us in America, today is a political holiday. But let’s avoid politics for the moment.…
Gnuinos is a spin of Devuan Linux consisting exclusively of Free Software (as defined by the Free Software Foundation) The…
Firmware is software embedded directly in the hardware of an electronic device, stored in non-volatile memory chips such as…
Vivaldi is a browser (a web navigator) developed by Vivaldi Technologies, a company founded by Jon Stephenson von Tetzchner, co-founder of Opera…
CVE ID : CVE-2025-5372
Published : July 4, 2025, 6:15 a.m. | 1 hour, 36 minutes ago
Description : A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values (OpenSSL uses 0 to indicate failure, while libssh uses 0 for success), the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions’ confidentiality, integrity, and availability.
Severity: 5.0 | MEDIUM
CVE ID : CVE-2025-6944
Published : July 4, 2025, 6:15 a.m. | 1 hour, 36 minutes ago
Description : The Uncode Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘uncode_hl_text’ and ‘uncode_text_icon’ shortcodes in all versions up to, and including, 2.9.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Electronic circuit simulation uses mathematical models to replicate the behavior of an actual electronic device or circuit. The post 5…
Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out
A critical security flaw has been discovered in Lucee, the high-performance, open-source CFML (ColdFusion Markup Language) application server. Tracked as CVE-2025-34074 and carrying a CVSS score of 9. …
Published Date: Jul 04, 2025 (3 hours, 53 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-34074
CVE-2025-32432
CVE-2025-24071
CVE-2024-31819
Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours
The Wiz Research Team has uncovered a stealthy and rapidly executed exploitation chain leveraging a misconfigured Java Debug Wire Protocol (JDWP) interface to deploy crypto-mining malware in TeamCity …
Published Date: Jul 04, 2025 (3 hours, 47 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-34074
CVE-2025-46647
CVE-2023-42793
Apache APISIX Flaw (CVE-2025-46647): Token Issuer Bypass in OpenID Connect Allows Cross-Issuer Access
Apache APISIX, a high-performance and AI-ready API gateway trusted for managing traffic across microservices and LLM-based applications, has been found vulnerable to a token issuer validation flaw in …
Published Date: Jul 04, 2025 (3 hours, 42 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-46647
CVE-2022-39222
CVE-2022-24112
CVE-2021-45232
Anthropic MCP Server Flaws: Path Traversal & Symlink Attacks Allow RCE
Cymulate Research Labs has revealed Anthropic’s Filesystem MCP Server vulnerabilities. Two newly disclosed flaws—CVE-2025-53110 and CVE-2025-53109—expose systems to unauthorized acces …
Published Date: Jul 04, 2025 (3 hours, 35 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-53110
CVE-2025-53109
CVE-2025-46647
Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson
A newly disclosed vulnerability in HIKVISION’s widely deployed security management platform, applyCT (previously known as HikCentral), has put countless surveillance and monitoring infra …
Published Date: Jul 04, 2025 (3 hours, 21 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-34067
CVE-2021-36260
Apache Under Attack: Critical RCE Flaws in Tomcat & Camel Spark Thousands of Exploit Attempts
In a recent deep-dive analysis, Palo Alto Networks’ Unit 42 revealed disturbing insights into a surge of cyberattacks targeting critical vulnerabilities in Apache Tomcat and Apache Camel. These flaws, …
Published Date: Jul 04, 2025 (3 hours, 15 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-34067
CVE-2025-29891
CVE-2025-24813
CVE-2025-27636
PHP Flaws: CVE-2025-1735 (SQLi/Crash) & CVE-2025-6491 (SOAP DoS) Threaten PHP Apps
Published Date: Jul 04, 2025 (3 hours, 8 minutes ago)
Vulnerabilities have been mentioned in this article.
Microsoft Edge Alert: Two High-Severity Flaws (CVE-2025-6554, CVE-2025-49713) Allow Remote Code Execution, One Actively Exploited
Microsoft has released Edge Stable Channel Version 138.0.3351.65, an update that addresses critical browser vulnerabilities impacting Chromium-based Microsoft Edge. The patch includes fixes for two hi …
Published Date: Jul 04, 2025 (3 hours, 4 minutes ago)
Vulnerabilities have been mentioned in this article.
Next.js Flaw (CVE-2025-49826, CVSS 7.5): Cache Poisoning Leads to Denial-of-Service
A cache poisoning vulnerability (CVE-2025-49826) with a CVSS score of 7.5 has been disclosed in Next.js, the popular React-based web development framework. The flaw, found in versions >=15.1.0
Published Date: Jul 04, 2025 (3 hours, 1 minute ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-49826
CVE-2025-49713
CVE-2025-6554
CVE-2025-48947
CVE-2025-29927
CVE-2024-56332
CVE-2024-51479
CVE-2024-46982
EchoLeak Vulnerability in Microsoft 365 Copilot
EchoLeak is a critical zero-click vulnerability found in Microsoft 365 Copilot, revealed in 2025 by AIM Security. The flaw allowed attackers to steal sensitive enterprise data w …
Published Date: Jul 04, 2025 (2 hours, 49 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-20309
CVE-2025-36038
CVE-2025-32711
CVE ID : CVE-2025-5933
Published : July 4, 2025, 3:15 a.m. | 22 minutes ago
Description : The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
CVE ID : CVE-2025-5924
Published : July 4, 2025, 3:15 a.m. | 22 minutes ago
Description : The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpn_brodcast_notification_message() function. This makes it possible for unauthenticated attackers to send broadcast notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM