CVE ID : CVE-2025-4681
Published : June 10, 2025, 9:15 a.m. | 29 minutes ago
Description : Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5740
Published : June 10, 2025, 9:15 a.m. | 29 minutes ago
Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that
could cause arbitrary file writes when an unauthenticated user on the web server manipulates file path.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5741
Published : June 10, 2025, 9:15 a.m. | 29 minutes ago
Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that
could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an
authenticated session of the web server.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5743
Published : June 10, 2025, 9:15 a.m. | 29 minutes ago
Description : CWE-78: I Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
vulnerability exists that could cause remote control over the charging station when an authenticated user
modifies configuration parameters on the web server.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5742
Published : June 10, 2025, 9:15 a.m. | 29 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
vulnerability exists when an authenticated user modifies configuration parameters on the web server
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE-2025-48757: Lovable’s Row-Level Security Breakdown Exposes Sensitive Data Across Hundreds of Projects
Security researcher Matt Palmer has uncovered a critical vulnerability in the Lovable low-code platform, now tracked as CVE-2025-48757, that allows unauthenticated access and data modification due to …
Read more
Published Date:
Jun 10, 2025 (5 hours, 8 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-48757
CVE-2024-8940
Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns
SentinelLABS has unveiled an extensive report detailing a wave of cyber-espionage activity that directly targeted SentinelOne and over 70 other organizations worldwide. Tracked as part of two intercon …
Read more
Published Date:
Jun 10, 2025 (5 hours, 1 minute ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-8963
CVE-2024-8190
CISA Flags Active Exploits in Erlang/OTP SSH and Roundcube Webmail: Critical RCE and XSS Flaws Under Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing confirmed evidence of in-the-wild exploi …
Read more
Published Date:
Jun 10, 2025 (3 hours, 46 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-4601: Flaw Exposes 33,000+ RealHomes WordPress Sites to Admin Takeover
A critical Privilege Escalation vulnerability has been disclosed in the RealHomes WordPress theme, a popular real estate template with over 33,000 sales on ThemeForest. Tracked as CVE-2025-4601 and ca …
Read more
Published Date:
Jun 10, 2025 (3 hours, 36 minutes ago)
Vulnerabilities has been mentioned in this article.
Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Full Disclosure
mailing list archives
From: josephgoyd via Fulldisclosure
Date: Mon, 09 Jun 2025 05:22:35 +0000
Hello Full Disclosure,
This is a strategic public discl …
Read more
Published Date:
Jun 10, 2025 (3 hours, 3 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-31201
CVE-2025-31200
CVE ID : CVE-2025-5909
Published : June 10, 2025, 2:15 a.m. | 2 hours, 29 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5910
Published : June 10, 2025, 3:15 a.m. | 1 hour, 29 minutes ago
Description : A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-55595
Published : June 10, 2025, 3:15 a.m. | 2 hours, 27 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5911
Published : June 10, 2025, 3:15 a.m. | 2 hours, 27 minutes ago
Description : A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4387
Published : June 10, 2025, 4:15 a.m. | 29 minutes ago
Description : The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16.0. This makes it possible for an authenticated attacker, with subscriber-level access and above, to upload arbitrary files on the affected site’s server which may allow for either remote or local code execution depending on the server configuration.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4601
Published : June 10, 2025, 4:15 a.m. | 1 hour, 27 minutes ago
Description : The “RH – Real Estate WordPress Theme” theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5912
Published : June 10, 2025, 4:15 a.m. | 29 minutes ago
Description : A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5925
Published : June 10, 2025, 4:15 a.m. | 1 hour, 27 minutes ago
Description : The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5913
Published : June 10, 2025, 4:15 a.m. | 1 hour, 27 minutes ago
Description : A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5934
Published : June 10, 2025, 4:15 a.m. | 29 minutes ago
Description : A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…