Development

CVE ID : CVE-2025-26199

Published : June 18, 2025, 8:15 p.m. | 1 hour, 29 minutes ago

Description : An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code via the cleartext submission of passwords.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Linux-lek geeft aanvaller roottoegang: “organisaties moeten meteen patchen”

Onderzoekers hebbentwee nieuwe Linux-kwetsbaarheden ontdekt waardoor een niet-geprivilegeerde lokale gebruiker rootrechten kan krijgen. “Gegeven dat udisks overal aanwezig is en de eenvoud van de expl …
Read more

Published Date:
Jun 18, 2025 (4 hours, 20 minutes ago)

Vulnerabilities has been mentioned in this article.

Veeam patches third critical RCE bug in Backup & Replication in space of a year

Veeam Backup & Replication users are urged to apply the latest patches that fix another critical bug leading to remote code execution (RCE) on backup servers.
Tracked as CVE-2025-23121 with a CVSS v3 …
Read more

Published Date:
Jun 18, 2025 (3 hours, 22 minutes ago)

Vulnerabilities has been mentioned in this article.

CISA warns of attackers exploiting Linux flaw with PoC exploit

CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel’s OverlayFS subsystem that allows them to gain root privileges.
This local privilege e …
Read more

Published Date:
Jun 18, 2025 (3 hours, 1 minute ago)

Vulnerabilities has been mentioned in this article.

RapperBot Botnet Attack Peaks 50,000+ Attacks Targeting Network Edge Devices

The RapperBot botnet has reached unprecedented scale, with security researchers observing over 50,000 active bot infections targeting network edge devices across the globe.
This sophisticated malware …
Read more

Published Date:
Jun 18, 2025 (2 hours, 43 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2023-4473

CVE-2021-46229

CVE ID : CVE-2024-54172

Published : June 18, 2025, 5:15 p.m. | 1 hour, 2 minutes ago

Description : IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1349

Published : June 18, 2025, 5:15 p.m. | 1 hour, 2 minutes ago

Description : IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4

is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1348

Published : June 18, 2025, 5:15 p.m. | 1 hour, 2 minutes ago

Description : IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy.

Severity: 4.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-20234

Published : June 18, 2025, 5:15 p.m. | 1 hour, 2 minutes ago

Description : A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46109

Published : June 18, 2025, 3:15 p.m. | 3 hours, 17 minutes ago

Description : SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45786

Published : June 18, 2025, 3:15 p.m. | 1 hour, 45 minutes ago

Description : Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) in /store/index.php.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6240

Published : June 18, 2025, 3:15 p.m. | 1 hour, 45 minutes ago

Description : Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-54183

Published : June 18, 2025, 4:15 p.m. | 45 minutes ago

Description : IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-36049

Published : June 18, 2025, 4:15 p.m. | 2 hours, 17 minutes ago

Description : IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15

is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44951

Published : June 18, 2025, 4:15 p.m. | 45 minutes ago

Description : A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dev` field with a value with length greater than 32.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-36048

Published : June 18, 2025, 4:15 p.m. | 45 minutes ago

Description : IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44952

Published : June 18, 2025, 4:15 p.m. | 45 minutes ago

Description : A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than 101.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4820

Published : June 18, 2025, 4:15 p.m. | 45 minutes ago

Description : Impact

Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.

An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim’s congestion control state by sending ACK frames exercising an opportunistic ACK attack; see RFC 9000 Section 21.4. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support.

Patches

quiche 0.24.4 is the earliest version containing the fix for this issue.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4821

Published : June 18, 2025, 4:15 p.m. | 45 minutes ago

Description : Impact

Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.

An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim’s congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable’s type, leading to an overflow panic.

Patches

quiche 0.24.4 is the earliest version containing the fix for this issue.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-20271

Published : June 18, 2025, 5:15 p.m. | 1 hour, 17 minutes ago

Description : A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device.

This vulnerability is due to variable initialization errors when an SSL VPN session is established. An attacker could exploit this vulnerability by sending a sequence of crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of all established SSL VPN sessions and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established, effectively making the Cisco AnyConnect VPN service unavailable for all legitimate users.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…