Development

CVE ID : CVE-2025-6603

Published : June 25, 2025, 11:15 a.m. | 2 hours, 40 minutes ago

Description : A vulnerability was found in coldfunction qCUDA up to db0085400c2f2011eed46fbc04fdc0873141688e. It has been rated as problematic. Affected by this issue is the function qcow_make_empty of the file qCUDA/qcu-device/block/qcow.c. The manipulation of the argument s->l1_size leads to integer overflow. The attack needs to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-25012

Published : June 25, 2025, 12:15 p.m. | 1 hour, 40 minutes ago

Description : URL redirection to an untrusted site (‘Open Redirect’) in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6543

Published : June 25, 2025, 1:15 p.m. | 40 minutes ago

Description : Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6604

Published : June 25, 2025, 1:15 p.m. | 40 minutes ago

Description : A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add-staff.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48954

Published : June 25, 2025, 2:15 p.m. | 14 minutes ago

Description : Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn’t enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

An awesome open graph (social cards) image generator package for Laravel. The post Generate awesome open graph images with Open…

Microsoft on Tuesday announced that it’s extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users…

Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from…

Unknown threat actors have been distributing a trojanized version of SonicWall’s SSL VPN NetExtender application to steal credentials from unsuspecting…

A new INTERPOL report has sounded the alarm over a dramatic increase in cybercrime across Africa, with digital crime now…

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. …

Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a…

This is a bit of a general question. I’m trying to practice my testing skills and perhaps get some better experience with manual testing mature applications. In particular, I’m interested in desktop applications. One good place to do this is with open source projects, particularly those in need of dedicated/semi-dedicated testers. While I know every open source project has its own culture around it, with differing levels of maturity, are there any general tips for OSS testing?

Critical Kaleris Navis N4 Flaw (CVE-2025-2566, CVSS 9.8): Supply Chain Infrastructure at Risk!

Two newly disclosed vulnerabilities in the Kaleris Navis N4 terminal operating system could allow attackers to remotely compromise container terminal infrastructure, according to a security advisory r …
Read more

Published Date:
Jun 25, 2025 (3 hours, 45 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-5087

CVE-2025-2566

CVE-2024-12378

TeamViewer for Windows Vulnerability Let Attackers Delete Files Using SYSTEM Privileges

A significant security vulnerability in the TeamViewer Remote Management solution for Windows that could allow attackers with local access to delete arbitrary files with SYSTEM privileges, potentially …
Read more

Published Date:
Jun 25, 2025 (3 hours, 29 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-36537

Adversarial AI Digest — June, 2025

Adversarial AI Digest — June, 2025A digest of AI security research, insights, reports, upcoming events, and tools & resources. Follow AI Security community on Twitter and LinkedIn group for additional …
Read more

Published Date:
Jun 25, 2025 (2 hours, 47 minutes ago)

Vulnerabilities has been mentioned in this article.

NVIDIA Megatron LM Vulnerability Let Attackers Inject Malicious Code

Critical security vulnerabilities in NVIDIA Megatron LM large language model framework that could allow attackers to inject malicious code and gain unauthorized system access.
The company released eme …
Read more

Published Date:
Jun 25, 2025 (2 hours, 11 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-23265

CVE-2025-23264

CISA Issued ICS Advisories Covering Current Vulnerabilities and Exploits

CISA has issued eight Industrial Control Systems (ICS) advisories on June 24, 2025, highlighting significant security vulnerabilities across multiple vendors’ systems.
The advisories, coded as ICSA-25 …
Read more

Published Date:
Jun 25, 2025 (1 hour, 47 minutes ago)

Vulnerabilities has been mentioned in this article.

Linux CentOS Web Panel Vulnerability Let Attackers Execute Malicious Remote Code – PoC Released

A critical security vulnerability in CentOS Web Panel (CWP) has been discovered that allows unauthenticated remote attackers to execute arbitrary commands on affected servers.
The flaw, tracked as CVE …
Read more

Published Date:
Jun 25, 2025 (1 hour, 6 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE ID : CVE-2025-43880

Published : June 25, 2025, 6:15 a.m. | 4 hours, 42 minutes ago

Description : Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…