Development

High-Severity Flaw in Kibana: Unauthorized Access Possible in Synthetic Monitoring!

High-Severity Flaw in Kibana: Unauthorized Access Possible in Synthetic Monitoring!

Elastic has disclosed a high-severity vulnerability (CVE-2024-43706) affecting its Kibana observability platform, specifically in the Synthetic Monitoring feature. With a CVSS score of 7.6, the flaw a …
Read more

Published Date:
Jun 11, 2025 (5 hours, 12 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-43706

CVE-2024-12556

CVE-2025-25015

CVE-2024-37287

Microsoft Patch Tuesday June 2025

Microsoft Patch Tuesday June 2025

Microsoft has rolled out its June 2025 Patch Tuesday updates, addressing 66 vulnerabilities across Windows, Office, and other key Microsoft products. This month’s security release includes 10 critical …
Read more

Published Date:
Jun 11, 2025 (4 hours, 21 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-47953

CVE-2025-47167

CVE-2025-47164

CVE-2025-47162

CVE-2025-33073

CVE-2025-33071

CVE-2025-33070

CVE-2025-33053

CVE-2025-0107

HPE Aruba Networking Patches Sensitive Data Exposure Vulnerability in Private 5G Core Platform

HPE Aruba Networking Patches Sensitive Data Exposure Vulnerability in Private 5G Core Platform

HPE Aruba Networking has released a security update addressing a high-severity vulnerability in its Private 5G Core Platform that could allow unauthorized users to access sensitive information stored …
Read more

Published Date:
Jun 11, 2025 (3 hours, 26 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-37100

Multiple Chrome Vulnerabilities Allow Attackers to Execute Malicious Code Remotely

Multiple Chrome Vulnerabilities Allow Attackers to Execute Malicious Code Remotely

Google has released an important security update for Chrome Desktop, addressing two high-severity vulnerabilities that could enable attackers to execute malicious code remotely on users’ systems.
The …
Read more

Published Date:
Jun 11, 2025 (2 hours, 13 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-5959

CVE-2025-5958

CVE-2025-5419

CVE-2025-2783

CVE-2025-33066 – Microsoft Windows RRAS Heap-Based Buffer Overflow

CVE ID : CVE-2025-33066

Published : June 10, 2025, 5:22 p.m. | 11 hours, 37 minutes ago

Description : Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-33067 – Windows Kernel Privilege Escalation Vulnerability

CVE ID : CVE-2025-33067

Published : June 10, 2025, 5:22 p.m. | 11 hours, 37 minutes ago

Description : Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-1243 – Wazuh Agent for Windows UNC Path Manipulation Vulnerability

CVE ID : CVE-2024-1243

Published : June 11, 2025, 2:15 a.m. | 3 hours, 36 minutes ago

Description : Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-1244 – OSSEC HIDS Windows UNC Path Configuration Vulnerability

CVE ID : CVE-2024-1244

Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago

Description : Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent’s key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-49791 – Apache HTTP Server Denial of Service

CVE ID : CVE-2025-49791

Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-49793 – Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-49793

Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-49785 – Apache HTTP Server SQL Injection

CVE ID : CVE-2025-49785

Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-49786 – Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-49786

Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-49787 – Apache Web Server Unvalidated User Input

CVE ID : CVE-2025-49787

Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-49788 – Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-49788

Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-49789 – Apache Struts Remote Code Execution

CVE ID : CVE-2025-49789

Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-49790 – Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-49790

Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-49792 – Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-49792

Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-4666 – Zotpress WordPress Stored Cross-Site Scripting Vuln

CVE ID : CVE-2025-4666

Published : June 11, 2025, 4:15 a.m. | 1 hour, 36 minutes ago

Description : The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…