CVE ID : CVE-2025-6691

Published : July 9, 2025, 6:15 a.m. | 22 minutes ago

Description : The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 8.1 | HIGH


CVE ID : CVE-2025-6742

Published : July 9, 2025, 6:15 a.m. | 22 minutes ago

Description : The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restriction on the path provided. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-7218

Published : July 9, 2025, 6:15 a.m. | 22 minutes ago

Description : A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_position. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-7219

Published : July 9, 2025, 6:15 a.m. | 22 minutes ago

Description : A vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_allowances. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


FortiOS Buffer Overflow Vulnerability Allows Attackers to Execute Arbitrary Code

Fortinet disclosed a significant security flaw in its FortiOS operating system, identified as CVE-2025-24477. This heap-based buffer overflow vulnerability, classified under CWE-122, affects the cw_st …

Published Date:
Jul 08, 2025 (15 hours, 6 minutes ago)


Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)

With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix NetScaler ADC and/or Gateway inst …

Published Date:
Jul 08, 2025 (15 hours, 5 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-5777

Ivanti Security Update: Patch for Multiple Vulnerabilities in Connect and Policy Secure

Ivanti, a leading provider of IT security and management solutions, has announced the release of critical updates for its Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.
These upd …

Published Date:
Jul 08, 2025 (14 hours, 55 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-5464

CVE-2025-0293

CVE-2025-0292

CVE-2025-5463

CVE-2025-5451

CVE-2025-5450

Ivanti Endpoint Manager Mobile Vulnerabilities Let Attackers Execute Remote Code

Ivanti disclosed two high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) product, which could allow remote attackers to execute code on affected systems.
The company has released criti …

Published Date:
Jul 08, 2025 (14 hours, 45 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-6771

CVE-2025-6770

CISA Warns of Rails Ruby on Rails Path Traversal Vulnerability Exploited in Attacks

CISA has issued a critical warning regarding a path traversal vulnerability in the Ruby on Rails framework that poses significant risks to web applications worldwide.
The vulnerability, cataloged as C …

Published Date:
Jul 08, 2025 (14 hours, 33 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2019-5418

DNN Vulnerability Let Attackers Steal NTLM Credentials via Unicode Normalization Bypass

A critical vulnerability in DNN (formerly DotNetNuke) that allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass technique.
The vulnerability, tracked as CVE- …

Published Date:
Jul 08, 2025 (14 hours, 10 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-52488

Ivanti Endpoint Manager Mobile Vulnerabilities Allow Attackers to Decrypt Other Users’ Passwords

Ivanti has identified and resolved three high-severity vulnerabilities in its Endpoint Manager (EPM) software.
If exploited, these flaws could enable attackers to decrypt other users’ passwords or gai …

Published Date:
Jul 08, 2025 (14 hours, 3 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-7037

CVE-2025-6996

CVE-2025-6995

MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets

MediaTek has released a comprehensive security bulletin addressing 16 critical vulnerabilities across its extensive chipset portfolio, affecting devices from smartphones to IoT platforms.
The update, …

Published Date:
Jul 08, 2025 (13 hours, 18 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-20695

CVE-2025-20694

CVE-2025-20693

CVE-2025-20692

CVE-2025-20691

CVE-2025-20690

CVE-2025-20689

CVE-2025-20688

CVE-2025-20687

CVE-2025-20686

CVE-2025-20685

CVE-2025-20684

CVE-2025-20683

CVE-2025-20682

CVE-2025-20681

CVE-2025-20680

Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed Including 41 RCE

Microsoft released patch Tuesday June 2025 as a monthly security update, addressing a total of 130 Microsoft Common Vulnerabilities and Exposures (CVEs) and republishing 10 non-Microsoft CVEs. The upd …

Published Date:
Jul 08, 2025 (13 hours, 16 minutes ago)


Zoom Clients for Windows Vulnerability Exposes Users to DoS Attacks

Recently, two vulnerabilities have been discovered in specific Zoom Clients for Windows, which could enable attackers to launch Denial of Service (DoS) attacks.
These flaws, tracked under CVE-2025-494 …

Published Date:
Jul 08, 2025 (13 hours, 6 minutes ago)


Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws

Today is Microsoft’s July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server. This Patch Tuesday also fix …

Published Date:
Jul 08, 2025 (13 hours, 6 minutes ago)


The July 2025 Security Update Review

| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2025-49719 † | Microsoft SQL Server Information Disclosure Vulnerability | Important | 7.5 | Yes | No | Info |
| CVE-2025-36350 * | AMD: CVE-2024-36350 Transient Schedu … | | | | | |

Published Date:
Jul 08, 2025 (12 hours, 40 minutes ago)


Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed, 17 High-Risk

Patch Tuesday for July 2025 was the busiest day for Microsoft fixes since January, with 130 Microsoft CVEs patched – including 17 ones at high risk for exploitation.
July’s total also included 10 non- …

Published Date:
Jul 08, 2025 (10 hours, 19 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-49744

CVE-2025-49735

CVE-2025-49727

CVE-2025-49724

CVE-2025-49718

CVE-2025-49704

CVE-2025-49701

CVE-2025-49696

CVE-2025-49695

CVE-2025-48818

CVE-2025-48804

CVE-2025-48800

CVE-2025-48799

CVE-2025-48001

CVE-2025-47987

CVE-2025-47981

CVE-2025-47978

CVE-2025-20309

Microsoft enjoys first Patch Tuesday of 2025 with no active exploits

For the first time this year, Microsoft has released a Patch Tuesday bundle with no exploited security problems, although one has been made public already, and there are ten critical flaws to fix.
Jul …

Published Date:
Jul 08, 2025 (7 hours, 35 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-49717

CVE-2025-49702

CVE-2025-49697

CVE-2025-49696

CVE-2025-49695

CVE-2025-47981

CVE-2025-6554

Critical Flaws in Phoenix Contact EV Charging Controllers Expose Infrastructure to Remote Code Execution and Unauthorized Access

In a coordinated disclosure with CERT@VDE, Phoenix Contact GmbH & Co. KG has issued an urgent advisory addressing four critical and high-severity vulnerabilities in the firmware of its CHARX SEC-3xxx …

Published Date:
Jul 09, 2025 (6 hours, 36 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-25271

CVE-2025-25270

CVE-2025-25269

CVE-2025-25268

Fortinet Fixes Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257, CVSS 9.6)

Fortinet has released a critical patch to address a serious vulnerability in its FortiWeb product — a web application firewall widely deployed across enterprise environments. Tracked as CVE-2025-25257 …

Published Date:
Jul 09, 2025 (6 hours, 22 minutes ago)
