Development

CVE ID : CVE-2025-4681

Published : June 10, 2025, 9:15 a.m. | 29 minutes ago

Description : Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse.This issue affects upKeeper Instant Privilege Access: before 1.4.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5740

Published : June 10, 2025, 9:15 a.m. | 29 minutes ago

Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that
could cause arbitrary file writes when an unauthenticated user on the web server manipulates file path.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5741

Published : June 10, 2025, 9:15 a.m. | 29 minutes ago

Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that
could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an
authenticated session of the web server.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5743

Published : June 10, 2025, 9:15 a.m. | 29 minutes ago

Description : CWE-78: I Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
vulnerability exists that could cause remote control over the charging station when an authenticated user
modifies configuration parameters on the web server.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5742

Published : June 10, 2025, 9:15 a.m. | 29 minutes ago

Description : CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
vulnerability exists when an authenticated user modifies configuration parameters on the web server

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-48757: Lovable’s Row-Level Security Breakdown Exposes Sensitive Data Across Hundreds of Projects

Security researcher Matt Palmer has uncovered a critical vulnerability in the Lovable low-code platform, now tracked as CVE-2025-48757, that allows unauthenticated access and data modification due to …
Read more

Published Date:
Jun 10, 2025 (5 hours, 8 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-48757

CVE-2024-8940

Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns

SentinelLABS has unveiled an extensive report detailing a wave of cyber-espionage activity that directly targeted SentinelOne and over 70 other organizations worldwide. Tracked as part of two intercon …
Read more

Published Date:
Jun 10, 2025 (5 hours, 1 minute ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-8963

CVE-2024-8190

CISA Flags Active Exploits in Erlang/OTP SSH and Roundcube Webmail: Critical RCE and XSS Flaws Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing confirmed evidence of in-the-wild exploi …
Read more

Published Date:
Jun 10, 2025 (3 hours, 46 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-4601: Flaw Exposes 33,000+ RealHomes WordPress Sites to Admin Takeover

A critical Privilege Escalation vulnerability has been disclosed in the RealHomes WordPress theme, a popular real estate template with over 33,000 sales on ThemeForest. Tracked as CVE-2025-4601 and ca …
Read more

Published Date:
Jun 10, 2025 (3 hours, 36 minutes ago)

Vulnerabilities has been mentioned in this article.

Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft

Full Disclosure
mailing list archives
From: josephgoyd via Fulldisclosure
Date: Mon, 09 Jun 2025 05:22:35 +0000
Hello Full Disclosure,
This is a strategic public discl …
Read more

Published Date:
Jun 10, 2025 (3 hours, 3 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-31201

CVE-2025-31200

CVE ID : CVE-2025-5909

Published : June 10, 2025, 2:15 a.m. | 2 hours, 29 minutes ago

Description : A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5910

Published : June 10, 2025, 3:15 a.m. | 1 hour, 29 minutes ago

Description : A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5911

Published : June 10, 2025, 3:15 a.m. | 2 hours, 27 minutes ago

Description : A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4387

Published : June 10, 2025, 4:15 a.m. | 29 minutes ago

Description : The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16.0. This makes it possible for an authenticated attacker, with subscriber-level access and above, to upload arbitrary files on the affected site’s server which may allow for either remote or local code execution depending on the server configuration.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4601

Published : June 10, 2025, 4:15 a.m. | 1 hour, 27 minutes ago

Description : The “RH – Real Estate WordPress Theme” theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5912

Published : June 10, 2025, 4:15 a.m. | 29 minutes ago

Description : A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5925

Published : June 10, 2025, 4:15 a.m. | 1 hour, 27 minutes ago

Description : The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5913

Published : June 10, 2025, 4:15 a.m. | 1 hour, 27 minutes ago

Description : A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5934

Published : June 10, 2025, 4:15 a.m. | 29 minutes ago

Description : A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…