Development

CVE ID : CVE-2025-53397

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By exploiting this flaw, an attacker could execute unauthorized scripts
in the user’s browser, potentially leading to information disclosure or
other malicious activities.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53471

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : Emerson ValveLink products
receive input or data, but do not validate or incorrectly
validate that the input has the properties that are required to process
the data safely and correctly.

Severity: 5.1 | MEDIUM

CVE ID : CVE-2025-53475

Published : July 11, 2025, 12:15 a.m. | 2 hours, 44 minutes ago

Description : A vulnerability exists in Advantech iView that could allow for SQL
injection and remote code execution through
NetworkServlet.getNextTrapPage(). This issue requires an authenticated
attacker with at least user-level privileges. Certain parameters in this
function are not properly sanitized, allowing an attacker to perform
SQL injection and potentially execute code in the context of the ‘nt
authority\local service’ account.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-53519

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By manipulating specific parameters, an attacker could execute
unauthorized scripts in the user’s browser, potentially leading to
information disclosure or other malicious activities.

Severity: 5.4 | MEDIUM

CVE ID : CVE-2025-53515

Published : July 11, 2025, 12:15 a.m. | 2 hours, 44 minutes ago

Description : A vulnerability exists in Advantech iView that allows for SQL injection
and remote code execution through NetworkServlet.archiveTrap(). This
issue requires an authenticated attacker with at least user-level
privileges. Certain input parameters are not sanitized, allowing an
attacker to perform SQL injection and potentially execute code in the
context of the ‘nt authority\local service’ account.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-53509

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : A vulnerability exists in Advantech iView that allows for argument
injection in the NetworkServlet.restoreDatabase(). This issue requires
an authenticated attacker with at least user-level privileges. An input
parameter can be used directly in a command without proper sanitization,
allowing arbitrary arguments to be injected. This can result in
information disclosure, including sensitive database credentials.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-7420

Published : July 11, 2025, 12:15 a.m. | 2 hours, 44 minutes ago

Description : A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-5241

Published : July 11, 2025, 1:15 a.m. | 30 minutes ago

Description : Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lock out legitimate users for a certain period by repeatedly attempting to log in with incorrect passwords. The legitimate users will be unable to log in until a certain period has passed after the lockout or until the product is reset.

Severity: 5.3 | MEDIUM

CVE ID : CVE-2025-7421

Published : July 11, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been rated as critical. This issue affects the function fromMacFilterModify of the file /goform/operateMacFilter of the component httpd. The manipulation of the argument mac leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-7423

Published : July 11, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). Affected by this vulnerability is the function formWifiMacFilterSet of the file /goform/setWrlFilterList of the component httpd. The manipulation of the argument macList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-7422

Published : July 11, 2025, 1:15 a.m. | 30 minutes ago

Description : A vulnerability classified as critical has been found in Tenda O3V2 1.0.0.12(3880). Affected is the function setAutoReboot of the file /goform/setNetworkService of the component httpd. The manipulation of the argument week leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-7434

Published : July 11, 2025, 2:15 a.m. | 44 minutes ago

Description : A vulnerability was found in Tenda FH451 up to 1.0.0.9 and classified as critical. Affected by this issue is the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

SureForms WordPress Plugin Flaw (CVE-2025-6691): Unauthenticated Arbitrary File Deletion Leads to Site Takeover, 200K Sites at Risk

A critical vulnerability in the SureForms WordPress plugin—which has over 200,000 active installations—has exposed websites to a serious threat of arbitrary file deletion, including the potential remo …

Published Date:
Jul 10, 2025 (19 hours ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-6691

CVE-2025-6463

CVE-2024-10470

AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs

Jul 10, 2025Ravie LakshmananVulnerability / Hardware Security
Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information …

Published Date:
Jul 10, 2025 (16 hours, 29 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-36357

CVE-2024-36350

CVE-2024-36349

CVE-2024-36348

CVE-2025-6543

Helm Flaw (CVE-2025-53547): Local Code Execution via Malicious Chart.yaml & Symlinks

The Helm project—the popular Kubernetes package manager—has released a critical security advisory for CVE-2025-53547, a high-severity vulnerability that allows for local code execution when updating c …

Published Date:
Jul 11, 2025 (3 hours, 12 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-53547

CVE-2025-22248

PerfektBlue Bluetooth leads to RCE

July 11, 2025. Overview: PerfektBlue is a chained Bluetooth Low Energy (BLE) attack that targets the OpenSynergy BlueSDK — a widely used Bluetooth protocol stack embedded in millions of au …

Published Date:
Jul 11, 2025 (18 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE ID : CVE-2025-53506

Published : July 10, 2025, 8:15 p.m. | 2 hours, 24 minutes ago

Description : Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.

Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

Severity: 0.0 | NA

CVE ID : CVE-2025-45662

Published : July 10, 2025, 8:15 p.m. | 2 hours, 24 minutes ago

Description : A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary JavaScript in the context of a user’s browser via a crafted payload.

Severity: 0.0 | NA

CVE ID : CVE-2025-53633

Published : July 10, 2025, 8:15 p.m. | 2 hours, 24 minutes ago

Description : Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bomb decompression. Exploitation requires neither authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable, as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so that no users can reach the system. A patch has been implemented by commit 14042aa and shipped in v0.1.4.

Severity: 0.0 | NA

CVE ID : CVE-2025-53628

Published : July 10, 2025, 8:15 p.m. | 2 hours, 24 minutes ago

Description : cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not limit the length of a single line, permitting an attacker to exploit this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629.

Severity: 0.0 | NA
