Development

CVE ID : CVE-2025-4413

Published : June 18, 2025, 3:15 a.m. | 3 hours, 15 minutes ago

Description : The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-50202

Published : June 18, 2025, 5:15 a.m. | 1 hour, 14 minutes ago

Description : Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user’s uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue has been patched in version 6.6.10.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-51381

Published : June 18, 2025, 5:15 a.m. | 1 hour, 14 minutes ago

Description : An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4955

Published : June 18, 2025, 6:15 a.m. | 15 minutes ago

Description : The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Cybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware.
“Attackers u …
Read more

Published Date:
Jun 17, 2025 (17 hours ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-3248

Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

Vulnerability / Enterprise Software
Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated re …
Read more

Published Date:
Jun 17, 2025 (15 hours, 59 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2019-9875

CVE-2019-9874

WAGO Device Manager Vulnerabilities Expose Critical Industrial Infrastructure to Remote Exploits

German industrial automation manufacturer WAGO GmbH & Co. KG has released critical security updates for its WAGO Device Manager after researchers uncovered serious vulnerabilities that could allow una …
Read more

Published Date:
Jun 18, 2025 (2 hours, 24 minutes ago)

Vulnerabilities has been mentioned in this article.

Chrome Update Alert: Two High-Severity Flaws (CVE-2025-6191, CVE-2025-6192) Patched

Google has rolled out an important security update for the Stable Channel of Chrome, bringing the version number to 137.0.7151.119/.120 for Windows and macOS, and 137.0.7151.119 for Linux. This update …
Read more

Published Date:
Jun 18, 2025 (2 hours, 16 minutes ago)

Vulnerabilities has been mentioned in this article.

Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers

Veeam, a global leader in data protection and disaster recovery solutions, has issued a critical security update for its flagship product, Veeam Backup & Replication, patching three vulnerabilities—on …
Read more

Published Date:
Jun 18, 2025 (2 hours, 8 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE ID : CVE-2025-49149

Published : June 17, 2025, 11:15 p.m. | 1 hour, 32 minutes ago

Description : Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user browses these web pages. At time of posting, there is no known patched version.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Overview the top-tier Semrush competitors and learn how each platform can revamp your business with its tools, features, and unique…

Are you ready to transform your career and become a data-driven decision maker? We’re excited to announce that freeCodeCamp.org has…

In an age of information overload, AI assistance, and rapid technological change, the ability to think clearly and reason soundly…

Modern chat applications are increasingly incorporating voice input capabilities because they offer a more engaging and versatile user experience. This…

Gemini 2.5 Flash and Pro are now generally available, and we’re introducing 2.5 Flash-Lite, our most cost-efficient and fastest 2.5…

Explore the latest Gemini 2.5 model updates with enhanced performance and accuracy: Gemini 2.5 Pro now stable, Flash generally available,…

During his first year at MIT in 2021, Matthew Caren ’25 received an intriguing email inviting students to apply to…

Research has shown that large language models (LLMs) tend to overemphasize information at the beginning and end of a document…

MIT Morningside Academy for Design (MAD) Fellow Caitlin Morris is an architect, artist, researcher, and educator who has studied psychology and used…

Our 212th episode with a summary and discussion of last week’s big AI news!Recorded on 06/33/2025 Hosted by Andrey Kurenkov…