CVE ID : CVE-2025-49454
Published : June 10, 2025, 1:15 p.m. | 31 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in LoftOcean TinySalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a before 3.10.0.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49455
Published : June 10, 2025, 1:15 p.m. | 31 minutes ago
Description : Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection.This issue affects TinySalt: from n/a before 3.10.0.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49507
Published : June 10, 2025, 1:15 p.m. | 31 minutes ago
Description : Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection.This issue affects CozyStay: from n/a before 1.7.1.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Google has stepped in to address a security flaw that could have made it possible to brute-force an account’s recovery…
Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to…
Bridging Perception and Action in Robotics Multimodal Large Language Models (MLLMs) hold promise for enabling machines, such as robotic arms…
Early large language models (LLMs) excelled at generating coherent text; however, they struggled with tasks that required precise operations, such…
In this tutorial, we’ll learn how to harness the power of Google’s Gemini models alongside the flexibility of Pandas. We…
As AI-first development redefines how software is built, “vibe coding” has emerged as a paradigm-shifting approach where developers simply say…
Microsoft Edge Rolls Out AI-Powered History Search with Privacy Focus
Microsoft is currently rolling out an AI-powered history search feature to users of the Microsoft Edge browser. This functionality enables fuzzy search capabilities, allowing users to locate previousl …
Read more
Published Date:
Jun 10, 2025 (5 hours, 1 minute ago)
Vulnerabilities has been mentioned in this article.
CVE-2023-36735
SAP Patch Fixes Critical CVSS 9.6 Flaw in NetWeaver: Privilege Escalation and System Integrity at Risk
SAP’s June 2025 Security Patch Day addressed a total of 14 new vulnerabilities, including a critical issue and several high-severity flaws that demand immediate attention from enterprises relying on S …
Read more
Published Date:
Jun 10, 2025 (3 hours, 16 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-42989
CVE-2025-42983
CVE-2025-42982
CVE-2025-23192
CVE-2025-31324
85.000 RoundCube-mailservers bevatten actief misbruikt RCE-lek
Wereldwijd zijn er ruim 85.000 RoundCube-mailservers die een actief misbruikte kwetsbaarheid bevatten die remote code execution (RCE) mogelijk maakt, waarvan meer dan zeventienhonderd in Nederland. Da …
Read more
Published Date:
Jun 10, 2025 (2 hours, 26 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-49113
SAP June 2025 Patch Day – 14 Vulnerabilities Patched Across Multiple Products
SAP released its monthly Security Patch Day update addressing 14 critical vulnerabilities across multiple enterprise products.
The comprehensive security update includes patches addressing critical au …
Read more
Published Date:
Jun 10, 2025 (1 hour, 41 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-42998
CVE-2025-42993
CVE-2025-42990
CVE-2025-42989
CVE-2025-42988
CVE-2025-42987
CVE-2025-42984
CVE-2025-42983
CVE-2025-42982
CVE-2025-31325
VS meldt actief misbruik van kritiek lek in Erlang Erlang/OTP SSH Server
Aanvallers maken actief misbruik van een kritieke kwetsbaarheid in Erlang Erlang/OTP SSH Server, zo waarschuwt het Cybersecurity and Infrastructure Security Agency (CISA) van het Amerikaanse ministeri …
Read more
Published Date:
Jun 10, 2025 (1 hour, 35 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-32433
84,000+ Roundcube Webmail Installation Vulnerable to Remote Code Execution Attacks
A critical security vulnerability affecting Roundcube webmail installations has exposed over 84,000 systems worldwide to remote code execution attacks.
The vulnerability, tracked as CVE-2025-49113, al …
Read more
Published Date:
Jun 10, 2025 (46 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-49113
ManageEngine Exchange Reporter Plus Vulnerability Allows Remote Code Execution
A severe security vulnerability has been identified in ManageEngine Exchange Reporter Plus that could allow attackers to execute arbitrary commands on target servers.
Designated as CVE-2025-3835, this …
Read more
Published Date:
Jun 10, 2025 (43 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-3835
CVE ID : CVE-2025-1041
Published : June 10, 2025, 6:15 a.m. | 2 hours, 59 minutes ago
Description : An improper input validation discovered in
Avaya Call Management System
could allow an unauthorized
remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4840
Published : June 10, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4954
Published : June 10, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27818
Published : June 10, 2025, 8:15 a.m. | 1 hour, 29 minutes ago
Description : A possible security vulnerability has been identified in Apache Kafka.
This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config
and a SASL-based security protocol, which has been possible on Kafka clusters since Apache Kafka 2.0.0 (Kafka Connect 2.3.0).
When configuring the broker via config file or AlterConfig command, or connector via the Kafka Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config`
property for any of the connector’s Kafka clients to “com.sun.security.auth.module.LdapLoginModule”, which can be done via the
`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.
This will allow the server to connect to the attacker’s LDAP server
and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.
Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath.
Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box
configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector
client override policy that permits them.
Since Apache Kafka 3.9.1/4.0.0, we have added a system property (“-Dorg.apache.kafka.disallowed.login.modules”) to disable the problematic login modules usage
in SASL JAAS configuration. Also by default “com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule” are disabled in Apache Kafka Connect 3.9.1/4.0.0.
We advise the Kafka users to validate connector configurations and only allow trusted LDAP configurations. Also examine connector dependencies for
vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,
in addition to leveraging the “org.apache.kafka.disallowed.login.modules” system property, Kafka Connect users can also implement their own connector
client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…