Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
June 2025 Patch Tuesday forecast: Second time is the charm?
Microsoft has been busy releasing more out …
Read more
Published Date:
Jun 08, 2025 (14 hours, 18 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5419
Microsoft komt met script voor herstellen inetpub-map op Windowssystemen
Microsoft heeft een script uitgebracht om de inetpub-map op Windowssystemen te herstellen als gebruikers deze map verwijderd hebben. Eerder waarschuwde het techbedrijf al dat gebruikers deze map niet …
Read more
Published Date:
Jun 08, 2025 (12 hours, 39 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-21204
New Mirai botnet infect TBK DVR devices via command injection flaw
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them.
The flaw, tracked under CVE-2024- …
Read more
Published Date:
Jun 08, 2025 (8 hours, 1 minute ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-3721
GMines is a clone of the well-known minesweeper game. The look is inspired by the KDE minesweeper program. The post…
CVE ID : CVE-2025-23235
Published : June 8, 2025, 12:15 p.m. | 9 hours, 38 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-24493
Published : June 8, 2025, 12:15 p.m. | 9 hours, 38 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-25217
Published : June 8, 2025, 12:15 p.m. | 9 hours, 38 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-26693
Published : June 8, 2025, 12:15 p.m. | 9 hours, 38 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27131
Published : June 8, 2025, 12:15 p.m. | 9 hours, 38 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27242
Published : June 8, 2025, 12:15 p.m. | 9 hours, 38 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27247
Published : June 8, 2025, 12:15 p.m. | 9 hours, 38 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-26691
Published : June 8, 2025, 12:15 p.m. | 9 hours, 38 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27563
Published : June 8, 2025, 12:15 p.m. | 9 hours, 38 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5847
Published : June 8, 2025, 2:15 p.m. | 6 hours, 29 minutes ago
Description : A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-32455
Published : June 8, 2025, 9:15 p.m. | 38 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-32458
Published : June 8, 2025, 9:15 p.m. | 38 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-32459
Published : June 8, 2025, 9:15 p.m. | 38 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-35004
Published : June 8, 2025, 9:15 p.m. | 38 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-35005
Published : June 8, 2025, 9:15 p.m. | 38 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-32456
Published : June 8, 2025, 9:15 p.m. | 38 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…