It’s been over a year since Copilot+ was announced, it’s still exclusive to laptops with capable enough NPUs, and mostly,…
The SteelSeries Rival 3 (Gen 2) Wireless is an entry-level, wireless gaming mouse with a colorful personality and good performance,…
Microsoft has confirmed that the next release of Windows is called Windows 11 25H2, and it’s going to be a…
Windows 11 KB5060829 has issues, including a bug where Alt + Tab still causes problems when playing games. While Microsoft’s…
If you’re planning to clean install Windows 11 24H2, now is the right time. Microsoft has finally updated the Media…
From Australia’s new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity…
Landing pages are a great tool for marketers. They introduce your product or service, promote key selling points, and aim…
Post Content Source: Read MoreÂ
Post Content Source: Read MoreÂ
The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. This week in DistroWatch Weekly:
Review: AxOS 25.06 and 25.01, AlmaLinux OS 10.0
News: Ubuntu to boost Intel graphics performance, Fedora discusses dropping i686 packages, SDesk switches from SELinux to AppArmor
Questions and answers: Transferring Flatpak packages between computers
Released last week: postmarketOS 25.06, Escuelas Linux 8.12, IPFire 2.29 Core 195,….
CVE ID : CVE-2025-6866
Published : June 29, 2025, 6:15 p.m. | 4 hours, 9 minutes ago
Description : A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forum_downloadfile.php. The manipulation of the argument filename leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6868
Published : June 29, 2025, 7:15 p.m. | 3 hours, 9 minutes ago
Description : A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/clients/manage.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6867
Published : June 29, 2025, 7:15 p.m. | 3 hours, 9 minutes ago
Description : A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-24290
Published : June 29, 2025, 8:15 p.m. | 2 hours, 14 minutes ago
Description : Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-24289
Published : June 29, 2025, 8:15 p.m. | 2 hours, 9 minutes ago
Description : A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-24292
Published : June 29, 2025, 8:15 p.m. | 2 hours, 9 minutes ago
Description : A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6869
Published : June 29, 2025, 8:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/testimonials/manage.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6870
Published : June 29, 2025, 8:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Content.php?f=service. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2015-20112
Published : June 29, 2025, 9:15 p.m. | 1 hour, 9 minutes ago
Description : RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network.
Severity: 3.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6871
Published : June 29, 2025, 9:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Simple Company Website 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…