Development

Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now!

Google has released an urgent security update for Chrome browsers across all desktop platforms, addressing critical vulnerabilities that could allow attackers to execute arbitrary code on users’ syste …

Published Date: Jun 18, 2025 (2 hours, 54 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE ID : CVE-2025-1562

Published : June 18, 2025, 8:15 a.m. | 1 hour, 14 minutes ago

Description : The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to install arbitrary plugins on the site that can be leveraged to further infect a vulnerable site.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-5981

Published : June 18, 2025, 9:15 a.m. | 14 minutes ago

Description : Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR’s unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

Severity: 0.0 | NA


The “Infinite Workday” is Here: Microsoft Warns of Never-Ending Work Driven by Hybrid Models & AI

Microsoft recently released a new study titled “2025 Work Trend Index Annual Report,” in which it issues a warning about the rise of the “infinite workday.” The report describes this phenomenon as a p …

Published Date: Jun 18, 2025 (3 hours, 30 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-24787

CVE-2023-34966

Mastodon Cracks Down: New Terms Ban Unauthorized AI Data Scraping

The decentralized social networking platform Mastodon has recently issued an email to its users, notifying them of an update to its Terms of Service. The most significant change introduced is a formal …

Published Date: Jun 18, 2025 (3 hours, 14 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-23832

CVE-2023-36460

Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available

A dangerous Linux privilege escalation vulnerability, CVE-2023-0386, has officially entered the CISA Known Exploited Vulnerabilities (KEV) Catalog amid confirmed reports of active exploitation in the …

Published Date: Jun 18, 2025 (3 hours, 51 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2023-0386

Trinper Backdoor Exploiting Chrome Zero-Day CVE-2025-2783

A critical vulnerability in Google Chrome, tracked as CVE-2025-2783, has been exploited in cyberattacks deploying the Trinper backdoor. The flaw, a sandbox escape vulnerability, enables attackers to e …

Published Date: Jun 18, 2025 (3 hours, 13 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-26685

CVE-2025-2783

KimJongRAT Returns: New PE & PowerShell Variants Steal Crypto and Browser Data via CDNs

Unit 42 has uncovered two newly evolved variants of the KimJongRAT malware, one using traditional PE (Portable Executable) files and the other employing PowerShell-based scripts to infiltrate systems, …

Published Date: Jun 18, 2025 (2 hours, 21 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2023-2530

Critical Linux Root Exploit Chain Discovered in PAM & UDisks, Affecting Major Distros

The Qualys Threat Research Unit (TRU) has unveiled two interconnected privilege escalation vulnerabilities—CVE-2025-6018 and CVE-2025-6019—that can allow any local attacker to gain full root access on …

Published Date: Jun 18, 2025 (2 hours, 8 minutes ago)

Vulnerabilities have been mentioned in this article.

SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem

Full Disclosure mailing list archives
From: SEC Consult Vulnerability Lab via Fulldisclosure

Published Date: Jun 18, 2025 (1 hour, 29 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-26412

SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)

Full Disclosure mailing list archives
From: SEC Consult Vulnerability Lab via Fulldisclosure

Published Date: Jun 18, 2025 (1 hour, 29 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-5301

“Glass Cage” – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)

Full Disclosure mailing list archives
From: josephgoyd via Fulldisclosure
Date: Tue, 10 Jun 2025 14:48:51 +0000
“Glass Cage” – Sophisticated Zero-Click iMessage Exploi …

Published Date: Jun 18, 2025 (1 hour, 29 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-24201

CVE-2025-24085

CVE ID : CVE-2025-23252

Published : June 18, 2025, 1:15 a.m. | 5 hours, 15 minutes ago

Description : The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.

Severity: 4.5 | MEDIUM


CVE ID : CVE-2025-4413

Published : June 18, 2025, 3:15 a.m. | 3 hours, 15 minutes ago

Description : The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-50202

Published : June 18, 2025, 5:15 a.m. | 1 hour, 14 minutes ago

Description : Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user’s uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue has been patched in version 6.6.10.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-51381

Published : June 18, 2025, 5:15 a.m. | 1 hour, 14 minutes ago

Description : An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-4955

Published : June 18, 2025, 6:15 a.m. | 15 minutes ago

Description : The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.

Severity: 0.0 | NA


New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Cybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware.
“Attackers u …

Published Date: Jun 17, 2025 (17 hours ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-3248

Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

Vulnerability / Enterprise Software
Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated re …

Published Date: Jun 17, 2025 (15 hours, 59 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2019-9875

CVE-2019-9874

WAGO Device Manager Vulnerabilities Expose Critical Industrial Infrastructure to Remote Exploits

German industrial automation manufacturer WAGO GmbH & Co. KG has released critical security updates for its WAGO Device Manager after researchers uncovered serious vulnerabilities that could allow una …

Published Date: Jun 18, 2025 (2 hours, 24 minutes ago)

Vulnerabilities have been mentioned in this article.