Transform your website from flat to flourishing with interactive animations that enhance user experience.
AerynOS, previously known as Serpent OS, is a modern and innovative GNU/Linux distribution that aims to provide an advanced user experience…
I’m testing the 2TB PD20 Mini External SSD which provides plenty of capacity for backing up a computer or holding…
digiKam is a dynamic digital asset manager and a free, open source, cross-platform image editor that offers…
Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited on 2,100+ Unpatched Appliances
A critical security flaw tracked as CVE-2025-6543 is being actively exploited in the wild, prompting urgent warnings from Citrix and inclusion in CISA’s Known Exploited Vulnerabilities (KEV) Catalog. …
Published Date:
Jul 01, 2025 (5 hours, 26 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-6543
CVE-2025-4428
CVE-2025-4427
CVE-2024-6235
CVE-2024-21762
CVE-2022-47945
CISA Adds Critical Citrix NetScaler Vulnerability to KEV Catalog
On June 30, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-6543, a critical buffer overflow vulnerability in Citrix NetScaler ADC and Gateway, to its K …
Published Date:
Jul 01, 2025 (5 hours, 3 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-36038
CVE-2025-6543
CVE-2025-6218
CVE-2025-5777
Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code – Patch Now
Google has issued an urgent security update for Chrome browser users worldwide, addressing a critical zero-day vulnerability that is actively being exploited by cybercriminals.
The high-severity flaw, …
Published Date:
Jul 01, 2025 (4 hours, 56 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-6554
Critical Sudo Flaw (CVE-2025-32463, CVSS 9.3): Root Privilege Escalation & Host Bypass, PoC Available
In the world of Linux privilege management, Sudo reigns supreme. It’s the gatekeeper, the doorman, the bouncer of root-level access. But what happens when the bouncer hands over the keys to anyone who …
Published Date:
Jul 01, 2025 (4 hours, 46 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-32463
CVE-2025-32462
CVE-2024-22036
CVE-2023-4147
CVE-2023-27320
JetBrains YouTrack Price Hike: New Plans & Features Arrive October 1, 2025
JetBrains’ project management and issue tracking software, YouTrack, will undergo a price adjustment on October 1, 2025. According to JetBrains, the price increase is due to the existing pricing model …
Published Date:
Jul 01, 2025 (4 hours, 31 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-32463
CVE-2024-50394
CVE-2023-42793
Linux Sudo chroot Vulnerability Enables Hackers to Elevate Privileges to Root
A critical security vulnerability in the widely used Linux Sudo utility has been disclosed, allowing any local unprivileged user to escalate privileges to root access.
Summary
1. CVE-2025-32463 affects …
Published Date:
Jul 01, 2025 (1 hour, 13 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-32463
CVE ID : CVE-2024-46992
Published : July 1, 2025, 2:15 a.m. | 5 hours, 18 minutes ago
Description : Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypass. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows; apps using these fuses on macOS are not impacted. Specifically, this issue can only be exploited if the app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the .app bundle on macOS, which these fuses are supposed to protect against. This issue has been patched in versions 30.0.5 and 31.0.0-beta.1. There are no workarounds for this issue.
Severity: 7.8 | HIGH
CVE ID : CVE-2025-53003
Published : July 1, 2025, 2:15 a.m. | 5 hours, 18 minutes ago
Description : The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This leaves a large internal attack surface that exposes all sorts of information from the IDP, including clients, users, scripts, etc. This issue has been patched in version 1.8.0. A workaround for this vulnerability involves users forking and building the Config API, patching it in their system following commit 92eea4d.
Severity: 0.0 | NA
CVE ID : CVE-2025-53096
Published : July 1, 2025, 2:15 a.m. | 5 hours, 18 minutes ago
Description : Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. If a user is tricked into interacting (one or multiple clicks) with the malicious page while authenticated, they may unknowingly perform actions within the Sunshine application without their consent. This issue has been patched in version 2025.628.4510.
Severity: 5.4 | MEDIUM
CVE ID : CVE-2025-6938
Published : July 1, 2025, 2:15 a.m. | 5 hours, 18 minutes ago
Description : A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editcus.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE ID : CVE-2024-46993
Published : July 1, 2025, 3:15 a.m. | 4 hours, 18 minutes ago
Description : Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image’s height, width, and contents. This issue has been patched in versions 28.3.2, 29.3.3, and 30.0.3. There are no workarounds for this issue.
Severity: 0.0 | NA
CVE ID : CVE-2024-49364
Published : July 1, 2025, 3:15 a.m. | 4 hours, 18 minutes ago
Description : tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The Buffer.isBuffer check can be bypassed, resulting in k reuse for different messages, leading to private key extraction over a single invalid message (and a second one for which any message/signature could be taken, e.g. a previously known valid one). This issue has been patched in version 1.1.7.
Severity: 0.0 | NA
CVE ID : CVE-2024-49365
Published : July 1, 2025, 3:15 a.m. | 4 hours, 18 minutes ago
Description : tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifiable message can be made to pass verify(), when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The Buffer.isBuffer check can be bypassed, resulting in strange objects being accepted as a message, and those messages could trick verify() into returning false-positive true values. This issue has been patched in version 1.1.7.
Severity: 0.0 | NA
CVE ID : CVE-2025-5967
Published : July 1, 2025, 4:15 a.m. | 3 hours, 18 minutes ago
Description : A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data.
Severity: 0.0 | NA
CVE ID : CVE-2025-6081
Published : July 1, 2025, 4:15 a.m. | 3 hours, 18 minutes ago
Description : Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker to reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker can force the target device to authenticate to the attacker-controlled LDAP service. This will allow the attacker to capture the plaintext password of the configured LDAP service.
Severity: 6.8 | MEDIUM
CVE ID : CVE-2025-6934
Published : July 1, 2025, 7:15 a.m. | 18 minutes ago
Description : The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse – Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the ‘on_regiser_user’ function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
Severity: 9.8 | CRITICAL