CVE ID : CVE-2025-5927

Published : June 25, 2025, 10:15 a.m. | 42 minutes ago

Description : The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability requires an admin to trigger the deletion via deletion of a form entry and cannot be carried out by the attacker alone.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6613

Published : June 25, 2025, 10:15 a.m. | 42 minutes ago

Description : A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From aesthetic restraint to GSAP magic, this case study reveals what happens when trust meets thoughtful execution. Source: Read More 

RefreshOS è una distribuzione GNU/Linux basata su Debian, progettata per offrire un’esperienza utente semplice ma potente. Ideale sia per i…

Hyprland, il compositore Wayland open source noto per la sua elevata personalizzabilità, ha introdotto un nuovo servizio a pagamento: Hyprland…

In Italia, l’adozione del software open source nella pubblica amministrazione è spesso percepita con un certo scetticismo. Eppure, il quadro…

Nuova puntata del podcast di Marco’s Box, come sempre dedicata a commentare le principali notizie della settimana (circa) appena trascorsa.…

If you’re a Linux user, you might have found yourself tangled in boot issues while installing your favorite distro especially…

Lwan is a lightweight asynchronous multi-threaded event-based web server. The post Lwan is an experimental, scalable, high performance HTTP server…

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched

Elastic has published a security advisory addressing two significant vulnerabilities in Kibana, the visualization and dashboarding layer for the Elastic Stack. One vulnerability, CVE-2025-2135, is par …
Read more

Published Date:
Jun 25, 2025 (4 hours, 22 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE ID : CVE-2025-0966

Published : June 25, 2025, 3:15 a.m. | 1 hour, 43 minutes ago

Description : IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-36004

Published : June 25, 2025, 3:15 a.m. | 1 hour, 42 minutes ago

Description : IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5585

Published : June 25, 2025, 3:15 a.m. | 1 hour, 42 minutes ago

Description : The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-url` DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Where did you GOTO on your vacation? Nowhere. GOTO is considered harmful. Original –Remy Everybody knows that you should never…

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

The Wordfence Threat Intelligence Team has unveiled a powerful malware framework operating under the guise of a rogue WordPress plugin. This campaign, first identified during a site clean on May 16, 2 …
Read more

Published Date:
Jun 25, 2025 (2 hours, 45 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2022-31626

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

The Phantom The Cyber Security Agency (CSA) of Singapore has issued an urgent security advisory highlighting multiple high-impact vulnerabilities affecting Advantech’s industrial automation products, …
Read more

Published Date:
Jun 25, 2025 (2 hours, 41 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-48470

CVE-2025-48469

CVE-2025-48468

CVE-2025-48467

CVE-2025-48466

CVE-2025-48463

CVE-2025-48462

CVE-2025-48461

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks

In its latest vulnerability disclosure, JPCERT/CC has sounded the alarm on multiple critical security flaws affecting a range of wireless LAN routers manufactured by ELECOM CO., LTD. The vulnerabiliti …
Read more

Published Date:
Jun 25, 2025 (2 hours, 26 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-48890

CVE-2025-43879

CVE-2025-43877

CVE-2025-41427

CVE-2025-36519

CVE-2024-45200

Flaws Found in Hitachi Energy’s MicroSCADA X SYS600: CVEs Could Enable File Tampering, DoS, and MITM Attacks

Hitachi Energy has released a cybersecurity advisory (8DBD000218) disclosing five newly discovered vulnerabilities affecting its MicroSCADA X SYS600 product, a widely deployed supervisory control and …
Read more

Published Date:
Jun 25, 2025 (1 hour, 12 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-39205

CVE-2025-39204

CVE-2025-39203

CVE-2025-39202

CVE-2025-39201

Double Injection Risk in NVIDIA Megatron-LM: Code Execution Flaws Patched in v0.12.1

NVIDIA has released a security bulletin addressing two newly discovered vulnerabilities—CVE-2025-23264 and CVE-2025-23265—affecting Megatron-LM, its open-source large language model (LLM) framework de …
Read more

Published Date:
Jun 25, 2025 (1 hour, 5 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-23265

CVE-2025-23264

CVE-2024-0138

SonicWall Warns: Trojanized NetExtender VPN Client Stealing Credentials in Active Campaign

SonicWall, in collaboration with Microsoft Threat Intelligence (MSTIC), has uncovered a sophisticated campaign that distributes a Trojanized version of SonicWall’s NetExtender VPN client, masquerading …
Read more

Published Date:
Jun 25, 2025 (51 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-36537

CVE-2024-40766