In React Native 0.80, we’re introducing two significant changes to React Native’s JavaScript API — the deprecation of deep imports, and…
Development
SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
IoT Security / Vulnerability
Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track …
Published Date:
Jun 11, 2025 (11 hours, 35 minutes ago)
Vulnerabilities have been mentioned in this article.
Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot
A new attack dubbed ‘EchoLeak’ is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user’s context without interaction.
…
Published Date:
Jun 11, 2025 (4 hours, 14 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-32711
Salesforce tags 5 CVEs after SaaS security probe uncovers misconfig risks
Salesforce has assigned five CVE identifiers following a security report that uncovered more than 20 configuration weaknesses, some of which exposed customers to unauthorized access and session hijack …
Published Date:
Jun 11, 2025 (4 hours ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-43701
CVE-2025-43700
CVE-2025-43699
CVE-2025-43698
CVE-2025-43697
CVE ID : CVE-2025-26383
Published : June 11, 2025, 4:15 p.m. | 4 hours, 13 minutes ago
Description : The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.
Severity: 0.0 | NA
CVE ID : CVE-2025-1698
Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago
Description : Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.
Severity: 2.8 | LOW
CVE ID : CVE-2025-1699
Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago
Description : An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.
Severity: 2.8 | LOW
CVE ID : CVE-2025-4673
Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago
Description : Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Severity: 6.8 | MEDIUM
CVE ID : CVE-2025-40915
Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago
Description : Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.
That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
Severity: 7.0 | HIGH
CVE ID : CVE-2025-22874
Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago
Description : Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Severity: 7.5 | HIGH
CVE ID : CVE-2025-6001
Published : June 11, 2025, 5:15 p.m. | 3 hours, 44 minutes ago
Description : A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.
Severity: 8.3 | HIGH
CVE ID : CVE-2025-6002
Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago
Description : An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration.
Severity: 7.2 | HIGH
CVE ID : CVE-2025-0913
Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago
Description : os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Severity: 5.5 | MEDIUM
CVE ID : CVE-2025-0923
Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
Severity: 5.3 | MEDIUM
CVE ID : CVE-2025-0917
Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
CVE ID : CVE-2025-25032
Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
Severity: 7.5 | HIGH
CVE ID : CVE-2025-40912
Published : June 11, 2025, 6:15 p.m. | 2 hours, 44 minutes ago
Description : CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode.
CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-49150
Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago
Description : Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.
Severity: 5.9 | MEDIUM
Microsoft Office Vulnerabilities Let Attackers Execute Remote Code
Multiple critical vulnerabilities in Microsoft Office could allow attackers to execute arbitrary code on affected systems.
The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-4716 …
Published Date:
Jun 11, 2025 (1 hour, 44 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-47953
CVE-2025-47167
CVE-2025-47164
CVE-2025-47162
Windows Common Log File System Driver Vulnerability Let Attackers Escalate Privileges
A critical security vulnerability in the Windows Common Log File System Driver (CLFS) enables attackers to escalate their privileges to SYSTEM level access.
The vulnerability, tracked as CVE-2025-3271 …
Published Date:
Jun 11, 2025 (1 hour, 31 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-32713