CVE-2025-6019: time to upgrade Linux | Kaspersky official blog
vulnerabilities
Researchers have found a vulnerability that allows attackers to get root privileges on most Linux distributions.
June 19, 2025
Researchers have published technical details and a proof …
Read more
Published Date:
Jun 19, 2025 (6 hours, 10 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-49763 — Apache Traffic Server ESI Memory Exhaustion Flaw
CVE-2025-49763 is a denial-of-service (DoS) vulnerability found in Apache Traffic Server (ATS), specifically within its Edge Side Includes (ESI) plugin. The flaw stems from insufficient restrictions o …
Read more
Published Date:
Jun 19, 2025 (5 hours, 59 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-49763
CVE-2025-23121
CVE-2025-2783
CVE-2024-56512
CVE-2024-45802
CVE-2024-38193
CVE ID : CVE-2025-33121
Published : June 19, 2025, 6:15 p.m. | 4 hours, 14 minutes ago
Description : IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-36050
Published : June 19, 2025, 6:15 p.m. | 4 hours, 14 minutes ago
Description : IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6271
Published : June 19, 2025, 6:15 p.m. | 4 hours, 14 minutes ago
Description : A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6272
Published : June 19, 2025, 6:15 p.m. | 4 hours, 14 minutes ago
Description : A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3_compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6273
Published : June 19, 2025, 7:15 p.m. | 3 hours, 14 minutes ago
Description : A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect “real world wasm programs”.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6274
Published : June 19, 2025, 7:15 p.m. | 3 hours, 14 minutes ago
Description : A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect “real world wasm programs”. Therefore, this entry might get disputed as well in the future.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6275
Published : June 19, 2025, 8:15 p.m. | 2 hours, 14 minutes ago
Description : A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect “real world wasm programs”. Therefore, this entry might get disputed as well in the future.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6276
Published : June 19, 2025, 8:15 p.m. | 2 hours, 14 minutes ago
Description : A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. Affected by this issue is some unknown functionality of the file /storagework/rentTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6277
Published : June 19, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6278
Published : June 19, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6279
Published : June 19, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6384
Published : June 19, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution).
This issue affects CrafterCMS: from 4.0.0 through 4.2.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47293
Published : June 19, 2025, 10:15 p.m. | 14 minutes ago
Description : PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity (XXE) attack and to a server-side request forgery (SSRF) attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive files on the system. The vulnerable class is com.powsybl.commons.xml.XmlReader which is considered to be untrusted in use cases where untrusted users can submit their XML to the vulnerable methods. This can be a multi-tenant application that hosts many different users perhaps with different privilege levels. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6280
Published : June 19, 2025, 10:15 p.m. | 14 minutes ago
Description : A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6281
Published : June 19, 2025, 10:15 p.m. | 14 minutes ago
Description : A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6282
Published : June 19, 2025, 10:15 p.m. | 14 minutes ago
Description : A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The reported GitHub issue was closed automatically with the label “not planned” by a bot.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Paragon Commercial Spyware Infects Prominent Journalists
Source: Derek Croucher via Alamy Stock PhotoAt least two journalists had their iOS devices compromised in recent months as a result of commercial spyware, according to research published this past wee …
Read more
Published Date:
Jun 19, 2025 (5 hours, 40 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-24200
100,000+ WordPress Sites Exposed to Privilege Escalation Attacks via MCP AI Engine
A critical security vulnerability has emerged in the WordPress ecosystem, exposing over 100,000 websites to privilege escalation attacks through the AI Engine plugin’s Model Context Protocol (MCP) imp …
Read more
Published Date:
Jun 19, 2025 (3 hours, 52 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5071