
CVE ID : CVE-2025-5969

Published : June 10, 2025, 5:25 p.m. | 18 hours, 49 minutes ago

Description : A vulnerability has been found in D-Link DIR-632 FW103B08 and classified as critical. Affected by this vulnerability is the function FUN_00425fd8 of the file /biurl_grou of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5144

Published : June 11, 2025, 1:15 p.m. | 43 minutes ago

Description : The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM



CVE ID : CVE-2025-4315

Published : June 11, 2025, 10:15 a.m. | 1 hour, 59 minutes ago

Description : The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-26412

Published : June 11, 2025, 9:15 a.m. | 4 hours, 11 minutes ago

Description : The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.

Severity: 0.0 | NA


CVE ID : CVE-2025-3302

Published : June 11, 2025, 12:15 p.m. | 1 hour, 11 minutes ago

Description : The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.1.0.0.

Severity: 7.2 | HIGH


CVE ID : CVE-2025-49709

Published : June 11, 2025, 12:15 p.m. | 1 hour, 11 minutes ago

Description : Certain canvas operations could have led to memory corruption. This vulnerability affects Firefox

Severity: 0.0 | NA


CVE ID : CVE-2025-49710

Published : June 11, 2025, 12:15 p.m. | 1 hour, 11 minutes ago

Description : An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability affects Firefox

Severity: 0.0 | NA


CVE ID : CVE-2025-5687

Published : June 11, 2025, 12:15 p.m. | 1 hour, 11 minutes ago

Description : A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0

Severity: 0.0 | NA


CVE ID : CVE-2025-5986

Published : June 11, 2025, 12:15 p.m. | 1 hour, 11 minutes ago

Description : A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user’s desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird

Severity: 0.0 | NA
