CVE ID : CVE-2025-6068

Published : July 11, 2025, 8:15 a.m.

Description : The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6745

Published : July 11, 2025, 8:15 a.m.

Description : The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-7442

Published : July 11, 2025, 8:15 a.m.

Description : The WPGYM – Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_expense, MJ_gmgt_get_monthly_income_expense, MJ_gmgt_add_class_limit, MJ_gmgt_view_meeting_detail, and MJ_gmgt_create_meeting functions in all versions up to 67.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-6438

Published : July 11, 2025, 9:15 a.m.

Description : CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account.

Severity: 6.8 | MEDIUM


CVE ID : CVE-2025-6838

Published : July 11, 2025, 9:15 a.m.

Description : The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

Severity: 4.1 | MEDIUM


CVE ID : CVE-2025-6851

Published : July 11, 2025, 9:15 a.m.

Description : The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the check_url_status_code() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Severity: 7.2 | HIGH


Critical WordPress Plugin Vulnerability Exposes 200k Websites to Site Takeover Attack

A critical security vulnerability has been discovered in the SureForms WordPress plugin, affecting over 200,000 websites worldwide and potentially exposing them to complete site takeover attacks.
The …

Published Date: Jul 11, 2025

Vulnerabilities mentioned in this article:

CVE-2025-6691

Laravel APP_KEY Vulnerability Allows Remote Code Execution – Hundreds of Apps Affected

A critical vulnerability in Laravel applications exposes APP_KEY configuration values, enabling attackers to achieve remote code execution (RCE).
Collaborative research between GitGuardian and Synackt …

Published Date: Jul 11, 2025

Vulnerabilities mentioned in this article:

CVE-2024-55555

CVE-2024-48987

CVE-2018-15133

CVE ID : CVE-2025-7418

Published : July 10, 2025, 11:15 p.m.

Description : A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-31267

Published : July 10, 2025, 11:15 p.m.

Description : An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information.

Severity: 0.0 | NA


CVE ID : CVE-2025-1727

Published : July 10, 2025, 11:15 p.m.

Description : The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting operations or potentially overwhelming the brake systems.

Severity: 8.1 | HIGH


CVE ID : CVE-2025-7419

Published : July 10, 2025, 11:15 p.m.

Description : A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-41442

Published : July 11, 2025, 12:15 a.m.

Description : A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user’s browser, potentially leading to information disclosure or other malicious activities.

Severity: 5.4 | MEDIUM
