CVE ID : CVE-2025-40675

Published : June 9, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending the victim a malicious URL using the parameter ‘query’ in ‘/search’. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5871

Published : June 9, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5872

Published : June 9, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-27709

Published : June 9, 2025, 11:15 a.m. | 1 hour, 14 minutes ago

Description : Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3835

Published : June 9, 2025, 11:15 a.m. | 1 hour, 14 minutes ago

Description : Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.

Severity: 9.6 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-36528

Published : June 9, 2025, 11:15 a.m. | 1 hour, 14 minutes ago

Description : Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-41437

Published : June 9, 2025, 11:15 a.m. | 52 minutes ago

Description : Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5874

Published : June 9, 2025, 11:15 a.m. | 52 minutes ago

Description : A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5873

Published : June 9, 2025, 11:15 a.m. | 52 minutes ago

Description : A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Welcome to the next episode in our GitHub for Beginners series, where we’re diving into the world of GitHub Copilot.…

The HTML popover attribute transforms elements into top-layer elements that can be opened and closed with a button or JavaScript.…

Explore my favourite ways of installing new software on the Raspberry Pi 5. The post Raspberry Pi 5 Desktop Mini…

SmartOS is a specialized Type 1 Hypervisor platform based on illumos. It supports two types of virtualization. The post SmartOS…

Karakeep (previously Hoarder) is a self-hostable bookmark-everything app with a touch of AI for the data hoarders out there. The…

Orbit, Mozilla’s AI assistant add-on for its Firefox web browser, is being discontinued as most of its features are now…

In this tutorial, we’ll walk you through how to create bubble-like spheres using Three.js and GLSL—an effect that responds interactively…

Sway è un gestore di finestre che organizza automaticamente le finestre aperte in un layout a griglia, noto come tiling.…

CVE ID : CVE-2025-25208

Published : June 9, 2025, 6:15 a.m. | 3 hours, 23 minutes ago

Description : A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster

Severity: 5.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-25209

Published : June 9, 2025, 6:15 a.m. | 3 hours, 23 minutes ago

Description : The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only.

Severity: 5.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-25207

Published : June 9, 2025, 6:15 a.m. | 3 hours, 23 minutes ago

Description : The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.

Severity: 5.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…