CVE-2025-6074 – ABB RMC-100/100 LITE Hard-coded Cryptographic Key Authentication Bypass

CVE ID : CVE-2025-6074

Published : July 3, 2025, 5:15 p.m. | 2 hours, 3 minutes ago

Description : Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE.

When the REST interface is enabled by the user, and an attacker gains access to
source code and control network, the attacker can bypass the REST interface authentication and gain access to MQTT configuration data.

This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6073 – ABB RMC-100/LITE Stack-based Buffer Overflow

CVE ID : CVE-2025-6073

Published : July 3, 2025, 5:15 p.m. | 2 hours, 3 minutes ago

Description : Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE.

When the REST interface is enabled by the user, and an attacker gains access to
the control network, and user/password broker authentication is enabled, and
CVE-2025-6074 is exploited, the attacker can overflow the buffer for username or
password.

This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6926 – Wikimedia Foundation Mediawiki CentralAuth Extension Authentication Bypass Vulnerability

CVE ID : CVE-2025-6926

Published : July 3, 2025, 5:15 p.m. | 2 hours, 3 minutes ago

Description : Improper Authentication vulnerability in Wikimedia Foundation Mediawiki – CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki – CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Soundux is a cross-platform soundboard

Soundux is a universal soundboard that uses PulseAudio modules or PipeWire linking. The post Soundux is a cross-platform soundboard appeared…

213% Increase in Ransomware Attacks Targeting Organizations With First Quarter of 2025

213% Increase in Ransomware Attacks Targeting Organizations With First Quarter of 2025

The first quarter of 2025 has witnessed an unprecedented surge in ransomware attacks, with 2,314 victims listed across 74 unique data leak sites, representing a staggering 213% increase compared to th …
Read more

Published Date:
Jul 03, 2025 (5 hours ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-55956

CVE-2024-50623

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)

Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log …
Read more

Published Date:
Jul 03, 2025 (4 hours, 48 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-20309

Anthropic’s MCP Server Vulnerability Allowed Attackers to Escape Sandbox and Execute Code

Anthropic’s MCP Server Vulnerability Allowed Attackers to Escape Sandbox and Execute Code

Two high-severity vulnerabilities in Anthropic’s Model Context Protocol (MCP) Filesystem Server enable attackers to escape sandbox restrictions and execute arbitrary code on host systems.
The vulnerab …
Read more

Published Date:
Jul 03, 2025 (3 hours, 38 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-53110

CVE-2025-53109

Urgent Update: Microsoft Edge Fixes Actively Exploited Chromium Vulnerability

Urgent Update: Microsoft Edge Fixes Actively Exploited Chromium Vulnerability

Microsoft has released a critical security update for Edge Stable Channel on July 1, 2025, addressing a severe vulnerability that cybercriminals have actively exploited.
The latest Microsoft Edge Stab …
Read more

Published Date:
Jul 03, 2025 (2 hours, 33 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-49713

CVE-2025-6554

CVE-2025-1708 – PostgreSQL SQL Injection

CVE ID : CVE-2025-1708

Published : July 3, 2025, 12:15 p.m. | 2 hours, 29 minutes ago

Description : The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27453 – Apache PHP HttpOnly Cookie Access Vulnerability

CVE ID : CVE-2025-27453

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27454 – Adobe ColdFusion CSRF

CVE ID : CVE-2025-27454

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim’s browser’s saved authorization to execute the request.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27455 – Apache Clickjacking Vulnerability

CVE ID : CVE-2025-27455

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27456 – Cisco SMB Authentication Brute Force

CVE ID : CVE-2025-27456

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : The SMB server’s login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27457 – RealVNC Unencrypted Communication Information Disclosure

CVE ID : CVE-2025-27457

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27458 – VNC Password Derivation Vulnerability

CVE ID : CVE-2025-27458

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : The VNC authentication mechanism bases on a challenge-response system where both server and client use the same password for encryption. The challenge is sent from the server to the client, is encrypted by the client and sent back. The server does the same encryption locally and if the responses match it is prooven that the client knows the correct password. Since all VNC communication is unencrypted, an attacker can obtain the challenge and response and try to derive the password from this information.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27459 – VNC Weak Password Storage

CVE ID : CVE-2025-27459

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27460 – Dell Device Physical Storage Unencrypted Vulnerability

CVE ID : CVE-2025-27460

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker can read from and write to all files on the hard drives.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27461 – “HP Device EPC2 Passwordless Login Vulnerability”

CVE ID : CVE-2025-27461

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : During startup, the device automatically logs in the EPC2 Windows user without requesting a password.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-2540 – WordPress PrettyPhoto Stored Cross-Site Scripting

CVE ID : CVE-2025-2540

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled prettyPhoto library (version 3.1.6) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…