Development

CVE ID : CVE-2025-45931

Published : June 30, 2025, 5:15 p.m. | 26 minutes ago

Description : An issue in D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via the system() function in the bin/goahead file.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45143

Published : June 30, 2025, 5:15 p.m. | 26 minutes ago

Description : string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.

Severity: 0.0 | NA


CVE ID : CVE-2025-52895

Published : June 30, 2025, 5:15 p.m. | 26 minutes ago

Description : Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow a malicious person to gain access to sensitive information. This issue has been patched in versions 14.94.3 and 15.58.0. There are no workarounds for this issue other than upgrading.

Severity: 0.0 | NA


CVE ID : CVE-2025-52896

Published : June 30, 2025, 5:15 p.m. | 26 minutes ago

Description : Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting (XSS). This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds for this issue other than upgrading.

Severity: 0.0 | NA


CVE ID : CVE-2025-6916

Published : June 30, 2025, 5:15 p.m. | 26 minutes ago

Description : A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-6915

Published : June 30, 2025, 5:15 p.m. | 26 minutes ago

Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Student Record System 3.2. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument session leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


Over 1,200 Citrix servers unpatched against critical auth bypass flaw

Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authe …

Published Date:
Jun 30, 2025 (3 hours, 46 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-6543

CVE-2025-5777

‘Dozens of Dutch Citrix servers contain critical vulnerabilities’

Dozens of Dutch Citrix servers contain critical vulnerabilities, The Shadowserver Foundation reports today. Among them is an actively exploited security flaw. Over the past w …

Published Date:
Jun 30, 2025 (3 hours, 1 minute ago)

Vulnerabilities mentioned in this article:

CVE-2025-6543

CVE-2025-5777

CitrixBleed 2 might be actively exploited (CVE-2025-5777)

While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for …

Published Date:
Jun 30, 2025 (2 hours, 57 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-6543

CVE-2025-5777

CVE-2025-5349

CVE-2025-5439

CVE-2023-4966

Hackers Exploiting Critical Langflow Vulnerability to Deploy Flodrix Botnet and Take System Control

Langflow, the popular Python framework for rapid AI prototyping, is under siege after researchers disclosed CVE-2025-3248, a flaw in the /api/v1/validate/code endpoint that lets unauthenticated attack …

Published Date:
Jun 30, 2025 (1 hour, 32 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-3248

CVE ID : CVE-2024-8419

Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago

Description : The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-41439

Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago

Description : A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product.

Severity: 6.1 | MEDIUM


CVE ID : CVE-2025-53416

Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA


CVE ID : CVE-2025-6901

Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago

Description : A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/removeUser.php. The manipulation of the argument userid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-6902

Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago

Description : A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /php_action/editUser.php. The manipulation of the argument edituserName leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-40710

Published : June 30, 2025, 11:15 a.m. | 4 hours, 14 minutes ago

Description : Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Host header, can cause the VPN client to redirect or forward HTTP requests to servers other than those originally intended, leading to consequences such as open redirects or delivery of traffic to infrastructure controlled by an attacker. This does not imply a flaw in the target applications, but in how the VPN client internally handles outgoing headers and requests.

Severity: 0.0 | NA


CVE ID : CVE-2025-6903

Published : June 30, 2025, 11:15 a.m. | 4 hours, 14 minutes ago

Description : A vulnerability was found in code-projects Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-6904

Published : June 30, 2025, 11:15 a.m. | 4 hours, 14 minutes ago

Description : A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_cars.php. The manipulation of the argument car_name leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH
