Critical Linux Root Exploit Chain Discovered in PAM & UDisks, Affecting Major Distros
The Qualys Threat Research Unit (TRU) has unveiled two interconnected privilege escalation vulnerabilities—CVE-2025-6018 and CVE-2025-6019—that can allow any local attacker to gain full root access on …
Read more
Published Date:
Jun 18, 2025 (2 hours, 8 minutes ago)
Vulnerabilities has been mentioned in this article.
SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem
Full Disclosure
mailing list archives
SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem
From: SEC Consult Vulnerability Lab via Fulldisclosure
Read more
Published Date:
Jun 18, 2025 (1 hour, 29 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-26412
SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
Full Disclosure
mailing list archives
SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
From: SEC Consult Vulnerability Lab via Fulldisclosure
Read more
Published Date:
Jun 18, 2025 (1 hour, 29 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5301
: “Glass Cage” – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Full Disclosure
mailing list archives
From: josephgoyd via Fulldisclosure
Date: Tue, 10 Jun 2025 14:48:51 +0000
“Glass Cage” – Sophisticated Zero-Click iMessage Exploi …
Read more
Published Date:
Jun 18, 2025 (1 hour, 29 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-24201
CVE-2025-24085
CVE ID : CVE-2025-23252
Published : June 18, 2025, 1:15 a.m. | 5 hours, 15 minutes ago
Description : The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4413
Published : June 18, 2025, 3:15 a.m. | 3 hours, 15 minutes ago
Description : The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-50202
Published : June 18, 2025, 5:15 a.m. | 1 hour, 14 minutes ago
Description : Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user’s uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue has been patched in version 6.6.10.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-51381
Published : June 18, 2025, 5:15 a.m. | 1 hour, 14 minutes ago
Description : An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4955
Published : June 18, 2025, 6:15 a.m. | 15 minutes ago
Description : The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
Cybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware.
“Attackers u …
Read more
Published Date:
Jun 17, 2025 (17 hours ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-3248
Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments
Vulnerability / Enterprise Software
Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated re …
Read more
Published Date:
Jun 17, 2025 (15 hours, 59 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2019-9875
CVE-2019-9874
WAGO Device Manager Vulnerabilities Expose Critical Industrial Infrastructure to Remote Exploits
German industrial automation manufacturer WAGO GmbH & Co. KG has released critical security updates for its WAGO Device Manager after researchers uncovered serious vulnerabilities that could allow una …
Read more
Published Date:
Jun 18, 2025 (2 hours, 24 minutes ago)
Vulnerabilities has been mentioned in this article.
Chrome Update Alert: Two High-Severity Flaws (CVE-2025-6191, CVE-2025-6192) Patched
Google has rolled out an important security update for the Stable Channel of Chrome, bringing the version number to 137.0.7151.119/.120 for Windows and macOS, and 137.0.7151.119 for Linux. This update …
Read more
Published Date:
Jun 18, 2025 (2 hours, 16 minutes ago)
Vulnerabilities has been mentioned in this article.
Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers
Veeam, a global leader in data protection and disaster recovery solutions, has issued a critical security update for its flagship product, Veeam Backup & Replication, patching three vulnerabilities—on …
Read more
Published Date:
Jun 18, 2025 (2 hours, 8 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE ID : CVE-2025-49149
Published : June 17, 2025, 11:15 p.m. | 1 hour, 32 minutes ago
Description : Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user browses these web pages. At time of posting, there is no known patched version.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Overview the top-tier Semrush competitors and learn how each platform can revamp your business with its tools, features, and unique…
Are you ready to transform your career and become a data-driven decision maker? We’re excited to announce that freeCodeCamp.org has…
In an age of information overload, AI assistance, and rapid technological change, the ability to think clearly and reason soundly…
Modern chat applications are increasingly incorporating voice input capabilities because they offer a more engaging and versatile user experience. This…
Gemini 2.5 Flash and Pro are now generally available, and we’re introducing 2.5 Flash-Lite, our most cost-efficient and fastest 2.5…