CVE ID : CVE-2025-0140

Published : July 9, 2025, 11:15 p.m. | 4 hours, 49 minutes ago

Description : An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS and Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so.

The GlobalProtect app on Windows, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0141

Published : July 9, 2025, 11:15 p.m. | 4 hours, 49 minutes ago

Description : An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITYSYSTEM on Windows.

The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0646

Published : July 9, 2025, 11:15 p.m. | 4 hours, 49 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6970

Published : July 9, 2025, 11:15 p.m. | 4 hours, 49 minutes ago

Description : The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6975

Published : July 9, 2025, 11:15 p.m. | 4 hours, 49 minutes ago

Description : The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendar_header’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6976

Published : July 9, 2025, 11:15 p.m. | 4 hours, 49 minutes ago

Description : The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4406

Published : July 10, 2025, 2:15 a.m. | 1 hour, 49 minutes ago

Description : The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5807

Published : July 10, 2025, 2:15 a.m. | 1 hour, 49 minutes ago

Description : The Gwolle Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gwolle_gb_content’ parameter in all versions up to, and including, 4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-35983

Published : July 10, 2025, 3:15 a.m. | 49 minutes ago

Description : Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there is no risk for Controllers once they are connected.

This issue affects Controller 7000:

9.30 prior to vCR9.30.250624a (distributed in 9.30.1871 (MR1)).

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44003

Published : July 10, 2025, 3:15 a.m. | 49 minutes ago

Description : Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled.

This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a (distributed in 9.20.1827 (MR2)), 9.10 prior to vCR9.10.250213a (distributed in 9.10.2692(MR5)), 9.00 prior to vCR9.00.250619a (distributed in  vEL9.00.3371 (MR7)),  all versions of 8.90 and prior.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53746

Published : July 10, 2025, 3:15 a.m. | 49 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46406

Published : July 10, 2025, 3:15 a.m. | 49 minutes ago

Description : A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary.

This issue affects Command Centre Server:

9.30 prior to 9.30.1874 (MR1), 9.20 prior to 9.20.2337 (MR3), 9.10 prior to 9.10.3194 (MR6), 9.00 prior to 9.00.3371 (MR7), all versions of 8.90 and prior.

Severity: 5.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53748

Published : July 10, 2025, 3:15 a.m. | 49 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53747

Published : July 10, 2025, 3:15 a.m. | 49 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53749

Published : July 10, 2025, 3:15 a.m. | 49 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53751

Published : July 10, 2025, 3:15 a.m. | 49 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53750

Published : July 10, 2025, 3:15 a.m. | 49 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53753

Published : July 10, 2025, 3:15 a.m. | 49 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53752

Published : July 10, 2025, 3:15 a.m. | 49 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Splunk Address Third Party Packages Vulnerabilities in Enterprise Versions – Update Now

Splunk has released critical security updates addressing multiple Common Vulnerabilities and Exposures (CVEs) in third-party packages across Enterprise versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, and higher …
Read more

Published Date:
Jul 09, 2025 (16 hours, 46 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-48818

CVE-2025-23389

CVE-2025-23388

CVE-2025-23387

CVE-2025-22870

CVE-2025-27414

CVE-2025-22952

CVE-2025-22869

CVE-2025-22868

CVE-2025-0725

CVE-2025-0167

CVE-2024-13176

CVE-2024-45338

CVE-2024-45337

CVE-2024-11053

CVE-2024-9681

CVE-2024-9143

CVE-2024-8096

CVE-2024-7264

CVE-2024-6345

CVE-2024-2466

CVE-2024-2398

CVE-2024-0853

CVE-2022-30187

CVE-2013-7489