CVE ID : CVE-2025-48387

Published : June 2, 2025, 8:15 p.m. | 3 hours, 10 minutes ago

Description : tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47585

Published : June 2, 2025, 8:15 p.m. | 3 hours, 10 minutes ago

Description : Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking and Rental Manager: from n/a through 2.3.8.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-48996

Published : June 2, 2025, 8:15 p.m. | 3 hours, 10 minutes ago

Description : HAX open-apis provides microservice APIs for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flaw present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability.

Severity: 5.3 | MEDIUM

Vgmi is a Gemini client. Gemini is an internet technology supporting an electronic library of interconnected text documents. The post…

Google Fights Back: Appeals Order to Sell Chrome Browser

In response to the U.S. Department of Justice’s directive that Google must divest and sell its Chrome browser business, the company announced its intention to appeal the decision, asserting that the p …

Published Date:
Jun 02, 2025 (5 hours, 43 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-3619

CVE-2024-10488

CVE-2024-10487

MediaTek Vulnerabilities Let Attackers Escalate Privileges Without User Interaction

Multiple critical security vulnerabilities affecting MediaTek smartphones, tablets, and IoT chipsets could allow attackers to escalate privileges and compromise device security without requiring any u …

Published Date:
Jun 02, 2025 (3 hours, 57 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-20678

CVE-2025-20677

CVE-2025-20676

CVE-2025-20675

CVE-2025-20674

CVE-2025-20673

CVE-2025-20672

Vulnerabilities in Preinstalled Android Apps Expose PIN Codes and Allow Command Injection

Significant vulnerabilities were uncovered in pre-installed applications on Ulefone and Krüger&Matz Android smartphones that expose users to significant risks, including unauthorized factory resets, P …

Published Date:
Jun 02, 2025 (3 hours, 43 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-13917

CVE-2024-13916

CVE-2024-13915

Critical Bugs Could Spark Takeover of Widely Used Fire Safety OT/ICS Platform

Two critical, unpatched security flaws in technology widely used in operational technology (OT) and industrial control systems (ICS) that monitor fire safety cou …

Published Date:
Jun 02, 2025 (3 hours, 42 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-46352

CVE-2025-41438

Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users

Mobile chipmaker Qualcomm has issued urgent security patches for three critical zero-day vulnerabilities in its Adreno GPU drivers that are actively being exploited in targeted attacks against Android …

Published Date:
Jun 02, 2025 (3 hours, 3 minutes ago)

Vulnerabilities have been mentioned in this article.

Attackers breached ConnectWise, compromised customer ScreenConnect instances

A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday.
“We have not obse …

Published Date:
Jun 02, 2025 (2 hours, 23 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-3935

CVE-2025-30406

CVE-2024-1709

Linux Crash Reporting Flaws (CVE-2025-5054, 4598) Expose Password Hashes

Qualys details CVE-2025-5054 and CVE-2025-4598, critical vulnerabilities affecting Linux crash reporting tools like Apport and systemd-coredump. Learn how to protect your Ubuntu, Red Hat, and Fedora s …

Published Date:
Jun 02, 2025 (1 hour, 6 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-5054

CVE-2025-4598

CVE-2024-27443

CVE ID : CVE-2024-48877

Published : June 2, 2025, 3:15 p.m. | 4 hours, 9 minutes ago

Description : A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Severity: 8.4 | HIGH

CVE ID : CVE-2024-52035

Published : June 2, 2025, 3:15 p.m. | 4 hours, 9 minutes ago

Description : An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

Severity: 8.4 | HIGH

CVE ID : CVE-2024-54028

Published : June 2, 2025, 3:15 p.m. | 4 hours, 9 minutes ago

Description : An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

Severity: 8.4 | HIGH

CVE ID : CVE-2024-57459

Published : June 2, 2025, 4:15 p.m. | 3 hours, 9 minutes ago

Description : A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.

Severity: 7.3 | HIGH

CVE ID : CVE-2024-40114

Published : June 2, 2025, 4:15 p.m. | 3 hours, 9 minutes ago

Description : A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.

Severity: 0.0 | NA

CVE ID : CVE-2024-40113

Published : June 2, 2025, 4:15 p.m. | 3 hours, 9 minutes ago

Description : Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.

Severity: 0.0 | NA

CVE ID : CVE-2025-45542

Published : June 2, 2025, 4:15 p.m. | 3 hours, 9 minutes ago

Description : SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.

Severity: 7.3 | HIGH
