Useful Laravel links to read/watch for this week of June 26, 2025.
Development
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft’s ClickOnce software deployment technology and bespoke Golang backdoors…
A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to…
SafePay is a relatively new ransomware that is making a big impact. Find out how it is different from other…
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets…
Apple Overhauls EU App Store Policy: New Fees & Open External Purchases After €500M Fine
Apple was recently fined €500 million by the European Union for failing to comply with the Digital Markets Act. Although the fine has yet to be paid, the company has begun revising its developer polic …
Published Date: Jun 27, 2025 (3 hours, 6 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2024-23222
CVE ID : CVE-2025-4587
Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ab-testing-for-wp/ab-test-block’ block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the ‘id’ parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5306
Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778.
Severity: 0.0 | NA
CVE ID : CVE-2025-5936
Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
CVE ID : CVE-2025-5940
Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : The Osom Blocks – Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE ID : CVE-2025-6689
Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE ID : CVE-2025-6550
Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_options’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE ID : CVE-2025-6688
Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user’s identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2024-12827
Published : June 27, 2025, 9:15 a.m. | 44 minutes ago
Description : The DWT – Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user’s password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user’s passwords, including administrators, and leverage that to gain access to their account.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-2940
Published : June 27, 2025, 9:15 a.m. | 1 hour, 54 minutes ago
Description : The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity: 7.2 | HIGH
CVE ID : CVE-2025-5398
Published : June 27, 2025, 10:15 a.m. | 54 minutes ago
Description : The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user data passed through the template. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server
IBM has issued a security alert regarding a high-severity vulnerability—CVE-2025-36038—affecting WebSphere Application Server versions 8.5 and 9.0. With a CVSS base score of 9.0, this flaw could allow …
Published Date: Jun 27, 2025 (3 hours, 57 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-36038
CVE-2022-34165
Cisco ISE Vulnerabilities June 2025
Cisco has disclosed three major security vulnerabilities in its Identity Services Engine (ISE) and ISE-PIC platforms. Two of them are critical remote code execution (RCE) flaws that can …
Published Date: Jun 27, 2025 (2 hours, 57 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-20282
CVE-2025-20281
CVE-2025-20264
CVE-2025-49144
CVE-2024-20399
APT-C-36 Hackers Attacking Government Institutions, Financial Organizations, and Critical Infrastructure
Since 2018, the advanced persistent threat group APT-C-36, commonly known as Blind Eagle, has emerged as a formidable cyber adversary targeting critical sectors across Latin America.
This sophisticate …
Published Date: Jun 27, 2025 (1 hour, 5 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2024-43451
CVE ID : CVE-2025-47824
Published : June 27, 2025, 3:15 a.m. | 3 hours, 53 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.
Severity: 2.0 | LOW