Development

CVE ID : CVE-2025-24291

Published : June 19, 2025, 12:15 a.m. | 1 hour, 47 minutes ago

Description : The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME type validation, allowing the upload of arbitrary file types. This flaw can be exploited to place a malicious file on disk.

Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.

There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-24287

Published : June 19, 2025, 12:15 a.m. | 1 hour, 47 minutes ago

Description : A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-50181

Published : June 19, 2025, 1:15 a.m. | 47 minutes ago

Description : urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Thanks to JSON module scripts and import attributes, you can now directly import JSON in JavaScript modules. Both features are…

When I was beginning to learn about networks, I didn’t know how many things in my daily life depended on…

Part 1: Plug In or Vanish I should’ve listened to the warning signs.Not the ones nailed to the trees, but…

Accessibility is often viewed through the lens of accommodations, making modifications after barriers are identified. But true inclusion starts with…

A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called…

A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments…

In a dramatic raid at a hotel in central Pattaya this week, Thai police have unearthed a criminal gang that…

A GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and…

In this post, we explore how generative AI can revolutionize threat modeling practices by automating vulnerability identification, generating comprehensive attack…

Developing robust text-to-SQL capabilities is a critical challenge in the field of natural language processing (NLP) and database management. The…

Meetings play a crucial role in decision-making, project coordination, and collaboration, and remote meetings are common across many organizations. However,…

The Shift in Agentic AI System Needs LLMs are widely admired for their human-like capabilities and conversational skills. However, with…

In this tutorial, we walk you through building an enhanced web scraping tool that leverages BrightData’s powerful proxy network alongside…

CVE ID : CVE-2025-26198

Published : June 18, 2025, 6:15 p.m. | 2 hours, 29 minutes ago

Description : CloudClassroom-PHP-Project v.1.0 is vulnerable to SQL Injection in loginlinkadmin.php, allowing unauthenticated attackers to bypass authentication and gain administrative access. The application fails to properly sanitize user inputs before constructing SQL queries, enabling an attacker to manipulate database queries via specially crafted payloads

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-29646

Published : June 18, 2025, 6:15 p.m. | 3 hours, 29 minutes ago

Description : An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and (teid = 0 or teid >= ogs_pfcp_pdr_teid_pool.size).

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6192

Published : June 18, 2025, 7:15 p.m. | 1 hour, 29 minutes ago

Description : Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6191

Published : June 18, 2025, 7:15 p.m. | 2 hours, 29 minutes ago

Description : Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…