Development

CVE-2025-49150 – Cursor JSON File Remote Request Vulnerability

June 11, 2025

CVE ID : CVE-2025-49150

Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago

Description : Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft Office Vulnerabilities Let Attackers Execute Remote Code

June 11, 2025

Microsoft Office Vulnerabilities Let Attackers Execute Remote Code

Multiple critical vulnerabilities in Microsoft Office could allow attackers to execute arbitrary code on affected systems.
The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-4716 …
Read more

Published Date:
Jun 11, 2025 (1 hour, 44 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-47953

CVE-2025-47167

CVE-2025-47164

CVE-2025-47162

Windows Common Log File System Driver Vulnerability Let Attackers Escalate Privileges

June 11, 2025

Windows Common Log File System Driver Vulnerability Let Attackers Escalate Privileges

A critical security vulnerability in the Windows Common Log File System Driver (CLFS) enables attackers to escalate their privileges to SYSTEM level access.
The vulnerability, tracked as CVE-2025-3271 …
Read more

Published Date:
Jun 11, 2025 (1 hour, 31 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32713

Microsoft creates separate Windows 11 24H2 update for incompatible PCs

June 11, 2025

Microsoft creates separate Windows 11 24H2 update for incompatible PCs

Microsoft confirmed on Tuesday that it’s pushing a revised security update targeting some Windows 11 24H2 systems incompatible with the initial update released during this month’s Patch Tuesday.
“This …
Read more

Published Date:
Jun 11, 2025 (1 hour, 24 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-33053

Windows Task Scheduler Vulnerability Let Attackers Escalate Privileges

June 11, 2025

Windows Task Scheduler Vulnerability Let Attackers Escalate Privileges

A significant security vulnerability in Windows Task Scheduler could allow attackers to escalate their privileges to SYSTEM level access without requiring initial administrative rights.
Designated as …
Read more

Published Date:
Jun 11, 2025 (1 hour, 12 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-33067

Hackers exploited Windows WebDav zero-day to drop malware

June 11, 2025

Hackers exploited Windows WebDav zero-day to drop malware

An APT hacking group known as ‘Stealth Falcon’ exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, a …
Read more

Published Date:
Jun 11, 2025 (1 hour, 11 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-33053

Mirai Botnets Exploit Flaw in Wazuh Security Platform

June 11, 2025

Mirai Botnets Exploit Flaw in Wazuh Security Platform

Source: Sleepyfellow via Alamy Stock PhotoTwo separate Mirai botnet campaigns are exploiting a critical flaw in a somewhat unlikely target.The Akamai Security Intelligence and Response Team recently o …
Read more

Published Date:
Jun 11, 2025 (3 hours, 29 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-24016

CoreDNS Vulnerability Let Attackers Exhaust Server Memory Via Amplification Attack

June 11, 2025

CoreDNS Vulnerability Let Attackers Exhaust Server Memory Via Amplification Attack

A high-severity security vulnerability has been discovered in CoreDNS, one of the most widely used DNS servers in cloud-native environments, particularly within Kubernetes clusters.
The flaw, designat …
Read more

Published Date:
Jun 11, 2025 (2 hours, 7 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-47950

Apache CloudStack Vulnerability Let Attackers Perform Privileged Actions

June 11, 2025

Apache CloudStack Vulnerability Let Attackers Perform Privileged Actions

Multiple critical vulnerabilities in popular versions of the Apache CloudStack platform could allow attackers to perform privileged actions and compromise cloud infrastructure systems.
The security ad …
Read more

Published Date:
Jun 11, 2025 (2 hours, 5 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-30675

CVE-2025-47849

CVE-2025-47713

CVE-2025-26521

CVE-2025-22829

New Secure Boot Bypass Vulnerability Let Attackers Install Malware in PCs and Servers Boot Process

June 11, 2025

New Secure Boot Bypass Vulnerability Let Attackers Install Malware in PCs and Servers Boot Process

A critical vulnerability has emerged that threatens the fundamental security of modern computing systems, allowing attackers to bypass Secure Boot protections and install malware directly into the boo …
Read more

Published Date:
Jun 11, 2025 (2 hours, 1 minute ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-3052

Brute-force attacks target Apache Tomcat management panels

June 11, 2025

Brute-force attacks target Apache Tomcat management panels

A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online.
Tomcat is a popular open-source web server widely used by l …
Read more

Published Date:
Jun 11, 2025 (2 hours, 1 minute ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-24813

CVE-2024-56337

CVE-2024-50379

CVE-2025-26521 – Apache CloudStack CKS Kubernetes Cluster API Key and Secret Key Exposure Vulnerability

June 11, 2025

CVE ID : CVE-2025-26521

Published : June 10, 2025, 11:15 p.m. | 18 hours, 14 minutes ago

Description : When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the ‘kubeadmin’ user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based Kubernetes cluster, can also access the API key and secret key of the ‘kubeadmin’ user of the CKS cluster’s creator’s account. An attacker who’s a member of the project can exploit this to impersonate and perform privileged actions that can result in complete compromise of the confidentiality, integrity, and availability of resources owned by the creator’s account.

CKS users are recommended to upgrade to version 4.19.3.0 or 4.20.1.0, which fixes this issue.Updating Existing Kubernetes Clusters in ProjectsA service account should be created for each project to provide limited access specifically for Kubernetes cluster providers and autoscaling. Follow the steps below to create a new service account, update the secret inside the cluster, and regenerate existing API and service keys:1. Create a New Service AccountCreate a new account using the role “Project Kubernetes Service Role” with the following details:

Account Name
kubeadmin-
First Name
Kubernetes
Last Name
Service User
Account Type
0 (Normal User)
Role ID

2. Add the Service Account to the ProjectAdd this account to the project where the Kubernetes cluster(s) are hosted.
3. Generate API and Secret KeysGenerate API Key and Secret Key for the default user of this account.
4. Update the CloudStack Secret in the Kubernetes ClusterCreate a temporary file `/tmp/cloud-config` with the following data:
api-url = # For example: /client/api
api-key =
secret-key =
project-id =

Delete the existing secret using kubectl and Kubernetes cluster config:
./kubectl –kubeconfig kube.conf -n kube-system delete secret cloudstack-secret

Create a new secret using kubectl and Kubernetes cluster config:
./kubectl –kubeconfig kube.conf -n kube-system create secret generic cloudstack-secret –from-file=/tmp/cloud-config

Remove the temporary file:
rm /tmp/cloud-config5. Regenerate API and Secret KeysRegenerate the API and secret keys for the original user account that was used to create the Kubernetes cluster.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-32711 – Microsoft 365 Copilot Command Injection Vulnerability

June 11, 2025

CVE ID : CVE-2025-32711

Published : June 11, 2025, 2:15 p.m. | 3 hours, 14 minutes ago

Description : Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-40914 – Perl CryptX Integer Overflow Vulnerability

June 11, 2025

CVE ID : CVE-2025-40914

Published : June 11, 2025, 2:15 p.m. | 3 hours, 14 minutes ago

Description : Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.

CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-35941 – Apache Struts Password Exposure

June 11, 2025

CVE ID : CVE-2025-35941

Published : June 11, 2025, 2:15 p.m. | 1 hour, 46 minutes ago

Description : A password is exposed locally.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-4922 – Nomad Prefix-Based ACL Policy Vulnerability (Insufficient ACL Resolution)

June 11, 2025

CVE ID : CVE-2025-4922

Published : June 11, 2025, 2:15 p.m. | 3 hours, 14 minutes ago

Description : Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-4605 – Autodesk Maya Uncontrolled Memory Allocation Vulnerability

June 11, 2025

CVE ID : CVE-2025-4605

Published : June 11, 2025, 2:15 p.m. | 1 hour, 46 minutes ago

Description : A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-3473 – IBM Security Guardium Privilege Escalation Local Buffer Overflow

June 11, 2025

CVE ID : CVE-2025-3473

Published : June 11, 2025, 3:15 p.m. | 46 minutes ago

Description : IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.

Severity: 6.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-0163 – IBM Security Verify Access Appliance and Docker Information Disclosure Vulnerability

June 11, 2025

CVE ID : CVE-2025-0163

Published : June 11, 2025, 3:15 p.m. | 46 minutes ago

Description : IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-48013 – Drupal Quick Node Block Missing Authorization Vulnerability

June 11, 2025

CVE ID : CVE-2025-48013

Published : June 11, 2025, 3:15 p.m. | 46 minutes ago

Description : Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Highlights

CVE-2025-4353 – Golden Link Secondary System SQL Injection Vulnerability

May 6, 2025

CVE ID : CVE-2025-4353

Published : May 6, 2025, 12:15 p.m. | 3 hours, 19 minutes ago

Description : A vulnerability, which was classified as critical, was found in Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType.htm. The manipulation of the argument dictCn1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…