Development

SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords

IoT Security / Vulnerability
Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track …
Read more

Published Date:
Jun 11, 2025 (11 hours, 35 minutes ago)

Vulnerabilities has been mentioned in this article.

Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot

A new attack dubbed ‘EchoLeak’ is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user’s context without interaction.

Read more

Published Date:
Jun 11, 2025 (4 hours, 14 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32711

Salesforce tags 5 CVEs after SaaS security probe uncovers misconfig risks

Salesforce has assigned five CVE identifiers following a security report that uncovered more than 20 configuration weaknesses, some of which exposed customers to unauthorized access and session hijack …
Read more

Published Date:
Jun 11, 2025 (4 hours ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-43701

CVE-2025-43700

CVE-2025-43699

CVE-2025-43698

CVE-2025-43697

CVE ID : CVE-2025-26383

Published : June 11, 2025, 4:15 p.m. | 4 hours, 13 minutes ago

Description : The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1698

Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago

Description : Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.

Severity: 2.8 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1699

Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago

Description : An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.

Severity: 2.8 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4673

Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago

Description : Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40915

Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago

Description : Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.

That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.

Severity: 7.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-22874

Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago

Description : Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6001

Published : June 11, 2025, 5:15 p.m. | 3 hours, 44 minutes ago

Description : A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6002

Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago

Description : An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0913

Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago

Description : os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0923

Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago

Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0917

Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago

Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-25032

Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago

Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40912

Published : June 11, 2025, 6:15 p.m. | 2 hours, 44 minutes ago

Description : CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode.

CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49150

Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago

Description : Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft Office Vulnerabilities Let Attackers Execute Remote Code

Multiple critical vulnerabilities in Microsoft Office could allow attackers to execute arbitrary code on affected systems.
The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-4716 …
Read more

Published Date:
Jun 11, 2025 (1 hour, 44 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-47953

CVE-2025-47167

CVE-2025-47164

CVE-2025-47162

Windows Common Log File System Driver Vulnerability Let Attackers Escalate Privileges

A critical security vulnerability in the Windows Common Log File System Driver (CLFS) enables attackers to escalate their privileges to SYSTEM level access.
The vulnerability, tracked as CVE-2025-3271 …
Read more

Published Date:
Jun 11, 2025 (1 hour, 31 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32713