Google dicht actief misbruikt V8-beveiligingslek in Chrome
Google heeft een actief aangevallen beveiligingslek in Chrome gedicht. De kwetsbaarheid bevond zich in V8, de JavaScript-engine die Chrome en andere browsers gebruiken voor het uitvoeren van JavaScrip …
Read more
Published Date:
Jun 03, 2025 (4 hours, 19 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5419
Multiple HPE StoreOnce Vulnerabilities Let Attackers Execute Malicious Code Remotely
Multiple security vulnerabilities in Hewlett-Packard Enterprise (HPE) StoreOnce software platform that could allow remote attackers to execute malicious code, bypass authentication mechanisms, and acc …
Read more
Published Date:
Jun 03, 2025 (4 hours, 3 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-37096
CVE-2025-37095
CVE-2025-37094
CVE-2025-37093
CVE-2025-37092
CVE-2025-37091
CVE-2025-37089
ASUS Urges Windows 11 Upgrade: The Dawn of AI-Powered PCs and the End of Windows 10
Last month, hardware manufacturer ASUS published an article exploring the necessity of upgrading to Windows 11, as Microsoft will officially end support for Windows 10 on October 14. After this date, …
Read more
Published Date:
Jun 03, 2025 (2 hours, 27 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-2492
New ModSecurity WAF Vulnerability Let Attackers Crash the System
A significant denial of service vulnerability has been discovered in ModSecurity, one of the most widely deployed open-source web application firewall (WAF) engines used to protect Apache, IIS, and Ng …
Read more
Published Date:
Jun 03, 2025 (1 hour, 43 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-48866
CVE-2025-26396
CVE-2025-47947
SolarWinds Dameware Remote Control Service Vulnerability Allows Privilege Escalation
A significant vulnerability, CVE-2025-26396, affects the SolarWinds Dameware Mini Remote Control Service could allow attackers to escalate privileges on affected systems.
Security researcher Alexander …
Read more
Published Date:
Jun 03, 2025 (1 hour, 14 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-26396
Google patches new Chrome zero-day bug exploited in attacks
Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year.
“Google is aware that an exploit for CVE-2025-5419 exi …
Read more
Published Date:
Jun 03, 2025 (1 hour, 9 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5419
CVE-2025-2783
CVE ID : CVE-2025-5492
Published : June 3, 2025, 11:15 a.m. | 16 minutes ago
Description : A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub_456DE8 of the file /msp_info.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack can be launched remotely.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5493
Published : June 3, 2025, 11:15 a.m. | 16 minutes ago
Description : A vulnerability was found in Baison Channel Middleware Product 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file /e3api/api/main/ToJsonByControlName. The manipulation of the argument data leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-21479
Published : June 3, 2025, 7:15 a.m. | 2 hours, 29 minutes ago
Description : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-41428
Published : June 3, 2025, 8:15 a.m. | 3 hours, 13 minutes ago
Description : Improper limitation of a pathname to a restricted directory (‘Path Traversal’) issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46355
Published : June 3, 2025, 8:15 a.m. | 3 hours, 13 minutes ago
Description : Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1725
Published : June 3, 2025, 9:15 a.m. | 2 hours, 13 minutes ago
Description : The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4420
Published : June 3, 2025, 9:15 a.m. | 2 hours, 13 minutes ago
Description : The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayu_blocks_option_panel_callback() function and insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5103
Published : June 3, 2025, 9:15 a.m. | 2 hours, 13 minutes ago
Description : The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘default_price’ and ‘product_id’ parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5116
Published : June 3, 2025, 9:15 a.m. | 2 hours, 13 minutes ago
Description : The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue is due to an incomplete patch for CVE-2025-31835.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-36486
Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago
Description : A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-52561
Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago
Description : A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31359
Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago
Description : A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-54189
Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago
Description : A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4392
Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago
Description : The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin’s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…