Development

CVE ID : CVE-2025-5071

Published : June 19, 2025, 10:15 a.m. | 21 minutes ago

Description : The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘Meow_MWAI_Labs_MCP::can_access_mcp’ function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like ‘wp_create_user’, ‘wp_update_user’ and ‘wp_update_option’, which can be used for privilege escalation, and ‘wp_update_post’, ‘wp_delete_post’, ‘wp_update_comment’ and ‘wp_delete_comment’, which can be used to edit and delete posts and comments.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5234

Published : June 19, 2025, 10:15 a.m. | 21 minutes ago

Description : The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about the active exploitation of a critical Linux kernel vulnerability, officially listed as CVE-2023-0386.
The vulnerabilit …
Read more

Published Date:
Jun 18, 2025 (18 hours, 32 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-6029

CVE-2024-26809

CVE-2023-0386

CVE-2025-23121 Remote Code Execution in Veeam

📌 OverviewCVE-2025-23121 is a critical remote code execution (RCE) vulnerability identified in Veeam Backup & Replication (VBR) software. The flaw affects domain-joined backup servers and allows any a …
Read more

Published Date:
Jun 19, 2025 (5 hours, 31 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-24287

CVE-2025-24286

CVE-2025-23121

CVE-2025-26685

CVE-2025-2783

CVE-2024-29212

CVE-2025-20271: Cisco Meraki VPN Bug Exposes MX and Z Series Devices to Remote DoS Attacks

Cisco has disclosed a vulnerability in its Meraki MX and Z Series devices, affecting the Cisco AnyConnect VPN service and allowing unauthenticated remote attackers to trigger a denial-of-service (DoS) …
Read more

Published Date:
Jun 19, 2025 (4 hours, 49 minutes ago)

Vulnerabilities has been mentioned in this article.

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover

Security researchers at Wordfence have uncovered a vulnerability in the popular AI Engine plugin for WordPress, which is installed on more than 100,000 websites. Tracked as CVE-2025-5071, this flaw en …
Read more

Published Date:
Jun 19, 2025 (4 hours, 41 minutes ago)

Vulnerabilities has been mentioned in this article.

Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution

Cisco’s ClamAV, one of the most widely used open-source antivirus engines, has released versions 1.4.3 and 1.0.9 to address two significant security vulnerabilities that could lead to denial-of-servic …
Read more

Published Date:
Jun 19, 2025 (4 hours, 30 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution

Two newly disclosed vulnerabilities in the Versa Director SD-WAN orchestration platform could allow authenticated attackers to execute remote code or escalate privileges by exploiting insecure file up …
Read more

Published Date:
Jun 19, 2025 (3 hours, 57 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-23172

CVE-2025-23171

CVE-2025-30353

CVE-2024-42450

CVE-2024-45229

CVE-2023-22651

Windows 11 Recall Adds Data Export for EU Users: Share Snapshots with Third Parties

Revamped “Start” Menu Interface
If your laptop is equipped with an NPU unit, you can take advantage of the newly introduced Recall feature in the latest version of Windows 11, which is powered by arti …
Read more

Published Date:
Jun 19, 2025 (3 hours, 33 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-1313

Intel Prepares Massive Layoffs: Up to 20% of Foundry Division Workforce Cut Starting July 2025

Since the autumn of 2024, Intel has been undergoing waves of layoffs, and the trend shows no signs of abating. According to the latest reports, the company is preparing for a significant round of job …
Read more

Published Date:
Jun 19, 2025 (3 hours, 27 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2022-21198

CVE ID : CVE-2025-5524

Published : June 19, 2025, 5:15 a.m. | 17 minutes ago

Description : The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-50182

Published : June 19, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52467

Published : June 19, 2025, 3:15 a.m. | 2 hours, 44 minutes ago

Description : pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUB_TOKEN with write permissions for the repository, allowing an attacker to tamper with all aspects of the repository, including pushing arbitrary code and releases. This issue has been patched in commit 8eb3567.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4661

Published : June 19, 2025, 3:15 a.m. | 1 hour, 51 minutes ago

Description : A path transversal vulnerability in
Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to
gain access to files outside the intended directory potentially leading
to the disclosure of sensitive information.

Note: Admin level privilege is required on the switch in order to exploit

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-50183

Published : June 19, 2025, 3:15 a.m. | 1 hour, 51 minutes ago

Description : OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in

CVE ID : CVE-2025-6201

Published : June 19, 2025, 3:15 a.m. | 1 hour, 51 minutes ago

Description : The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s conversion-pixel in all versions up to, and including, 1.49.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4367

Published : June 19, 2025, 4:15 a.m. | 51 minutes ago

Description : The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-50201

Published : June 19, 2025, 4:15 a.m. | 51 minutes ago

Description : WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server’s operating system. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server with the privileges of the web server user (www-data). This issue has been patched in version 3.4.2.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4479

Published : June 19, 2025, 4:15 a.m. | 51 minutes ago

Description : The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget’s before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52474

Published : June 19, 2025, 4:15 a.m. | 51 minutes ago

Description : WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. This issue has been patched in version 3.4.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…