CVE ID : CVE-2025-23097
Published : June 3, 2025, 8:15 p.m. | 1 hour, 30 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-23098
Published : June 3, 2025, 8:15 p.m. | 1 hour, 30 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-23100
Published : June 3, 2025, 8:15 p.m. | 1 hour, 30 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-35036
Published : June 3, 2025, 8:15 p.m. | 1 hour, 30 minutes ago
Description : Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5523
Published : June 3, 2025, 8:15 p.m. | 1 hour, 30 minutes ago
Description : A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5525
Published : June 3, 2025, 8:15 p.m. | 1 hour, 30 minutes ago
Description : A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48951
Published : June 3, 2025, 9:15 p.m. | 30 minutes ago
Description : Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.14.0 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK are affected, as are applications using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, because those SDKsrely on the Auth0-PHP SDK versions from 8.0.0-BETA3 until 8.14.0. Version 8.14.0 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49002
Published : June 3, 2025, 9:15 p.m. | 30 minutes ago
Description : DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48999
Published : June 3, 2025, 9:15 p.m. | 30 minutes ago
Description : DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566’s patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49000
Published : June 3, 2025, 9:15 p.m. | 30 minutes ago
Description : InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. the issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49001
Published : June 3, 2025, 9:15 p.m. | 30 minutes ago
Description : DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5527
Published : June 3, 2025, 9:15 p.m. | 30 minutes ago
Description : A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Android Security Update – Patch for Vulnerabilities that Allows Privilege Escalation
Google has released a comprehensive security update for Android devices addressing multiple high-severity vulnerabilities that could allow privilege escalation and remote code execution.
The update ta …
Read more
Published Date:
Jun 03, 2025 (3 hours, 53 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-27029
CVE-2025-21486
CVE-2025-21485
CVE-2024-53026
CVE-2024-53021
CVE-2024-53020
CVE-2024-53019
CVE-2024-53010
CVE-2025-0819
CVE-2025-0073
CVE-2024-47893
CVE-2025-25178
CVE-2025-0468
CVE-2025-0835
CVE-2025-0478
CVE-2024-12837
CVE-2024-12576
CVE-2025-21424
CVE-2025-5419 Zero-Day Vulnerability in Chrome’s V8 Engine
CVE-2025-5419 is a critical zero-day vulnerability discovered in Google Chrome’s V8 JavaScript engine, the core component responsible for executing JavaScript code in the browser. This flaw enables ou …
Read more
Published Date:
Jun 03, 2025 (3 hours, 47 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5419
CVE-2025-1914
CVE-2025-0291
10-Year-Old Roundcube RCE Vulnerability Let Attackers Execute Malicious Code
A decade-old critical security vulnerability has been discovered in Roundcube Webmail that could allow authenticated attackers to execute arbitrary code on vulnerable systems, potentially affecting mi …
Read more
Published Date:
Jun 03, 2025 (2 hours, 20 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-49113
CVE-2024-37383
CVE ID : CVE-2025-23103
Published : June 3, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-25022
Published : June 3, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45854
Published : June 3, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : An arbitrary file upload vulnerability in the component /server/executeExec of JEHC-BPM v2.0.1 allows attackers to execute arbitrary code via uploading a crafted file.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-44148
Published : June 3, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5507
Published : June 3, 2025, 4:15 p.m. | 3 hours, 15 minutes ago
Description : A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…