CVE ID : CVE-2025-46783
Published : June 13, 2025, 9:15 a.m. | 49 minutes ago
Description : Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is running by tampering with specific files used on the product.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-36506
Published : June 13, 2025, 9:15 a.m. | 49 minutes ago
Description : External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48825
Published : June 13, 2025, 9:15 a.m. | 49 minutes ago
Description : RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces
A significant surge in brute-force attacks is targeting Apache Tomcat Manager interfaces, according to a new report from GreyNoise. On June 5, 2025, analysts observed a large-scale campaign where atta …
Read more
Published Date:
Jun 13, 2025 (4 hours, 2 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-6031
CVE-2025-24813
CVE-2024-38286
Warning: Discontinued Amazon Cloud Cam Has Vulnerability (CVE-2025-6031), Exposing Your Network
A newly disclosed vulnerability in the now-discontinued Amazon Cloud Cam has raised serious concerns about the risks of continuing to use unsupported smart home devices. Tracked as CVE-2025-6031 and r …
Read more
Published Date:
Jun 13, 2025 (3 hours, 45 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-6031
Urgent CISA Alert: Ransomware Actors Exploiting SimpleHelp RMM Flaw (CVE-2024-57727)
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with its federal partners, has issued a high-priority alert (AA25-163A) detailing how ransomware actors have exploited unp …
Read more
Published Date:
Jun 13, 2025 (3 hours, 23 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-6031
CVE-2024-57727
CVE-2024-9404
CVE-2024-9404: Remote DoS Vulnerability Found in Moxa Industrial Switches
Moxa has issued a high-severity security advisory for a newly discovered vulnerability—CVE-2024-9404—that affects its widely deployed PT-G7728 and PT-G7828 industrial Ethernet switches. This flaw coul …
Read more
Published Date:
Jun 13, 2025 (3 hours, 9 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5491
CVE-2025-0676
CVE-2024-7695
CVE-2024-57727
CVE-2024-9404
CVE-2024-1086
CVE-2025-5491: Acer Control Center Bug Allows Remote Code Execution as NT AUTHORITYSYSTEM
Acer has released a critical security update addressing a newly disclosed local privilege escalation vulnerability in its ControlCenter utility that could allow remote, unauthenticated attackers to ex …
Read more
Published Date:
Jun 13, 2025 (2 hours, 53 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5491
CVE-2024-9404
CVE-2022-4020
CVE ID : CVE-2025-30399
Published : June 13, 2025, 2:15 a.m. | 3 hours, 48 minutes ago
Description : Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47959
Published : June 13, 2025, 2:15 a.m. | 3 hours, 48 minutes ago
Description : Improper neutralization of special elements used in a command (‘command injection’) in Visual Studio allows an authorized attacker to execute code over a network.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4586
Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago
Description : The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘irmcalendarview’ shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4585
Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago
Description : The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘irmflat’ shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5123
Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago
Description : The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4584
Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago
Description : The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘irmeventlist’ shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5288
Published : June 13, 2025, 3:15 a.m. | 2 hours, 29 minutes ago
Description : The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5491
Published : June 13, 2025, 3:15 a.m. | 2 hours, 29 minutes ago
Description : Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One such feature enables the execution of arbitrary programs as NT AUTHORITY/SYSTEM. By leveraging this, remote attackers can execute arbitrary code on the target system with elevated privileges.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5233
Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago
Description : The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5841
Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago
Description : The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5926
Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago
Description : The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_menu_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5928
Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago
Description : The WP Sliding Login/Dashboard Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the wp_sliding_panel_user_options() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…