Development

CVE ID : CVE-2025-49000

Published : June 3, 2025, 9:15 p.m. | 30 minutes ago

Description : InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. The issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49001

Published : June 3, 2025, 9:15 p.m. | 30 minutes ago

Description : DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

Severity: 0.0 | NA


CVE ID : CVE-2025-5527

Published : June 3, 2025, 9:15 p.m. | 30 minutes ago

Description : A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH


Android Security Update – Patch for Vulnerabilities that Allows Privilege Escalation

Google has released a comprehensive security update for Android devices addressing multiple high-severity vulnerabilities that could allow privilege escalation and remote code execution.
The update ta …

Published Date:
Jun 03, 2025 (3 hours, 53 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-27029

CVE-2025-21486

CVE-2025-21485

CVE-2024-53026

CVE-2024-53021

CVE-2024-53020

CVE-2024-53019

CVE-2024-53010

CVE-2025-0819

CVE-2025-0073

CVE-2024-47893

CVE-2025-25178

CVE-2025-0468

CVE-2025-0835

CVE-2025-0478

CVE-2024-12837

CVE-2024-12576

CVE-2025-21424

CVE-2025-5419 Zero-Day Vulnerability in Chrome’s V8 Engine

CVE-2025-5419 is a critical zero-day vulnerability discovered in Google Chrome’s V8 JavaScript engine, the core component responsible for executing JavaScript code in the browser. This flaw enables ou …

Published Date:
Jun 03, 2025 (3 hours, 47 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-5419

CVE-2025-1914

CVE-2025-0291

10-Year-Old Roundcube RCE Vulnerability Let Attackers Execute Malicious Code

A decade-old critical security vulnerability has been discovered in Roundcube Webmail that could allow authenticated attackers to execute arbitrary code on vulnerable systems, potentially affecting mi …

Published Date:
Jun 03, 2025 (2 hours, 20 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-49113

CVE-2024-37383

CVE ID : CVE-2025-23103

Published : June 3, 2025, 4:15 p.m. | 2 hours, 14 minutes ago

Description : An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.

Severity: 8.6 | HIGH


CVE ID : CVE-2025-25022

Published : June 3, 2025, 4:15 p.m. | 2 hours, 14 minutes ago

Description : IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.

Severity: 9.6 | CRITICAL


CVE ID : CVE-2025-45854

Published : June 3, 2025, 4:15 p.m. | 2 hours, 14 minutes ago

Description : An arbitrary file upload vulnerability in the component /server/executeExec of JEHC-BPM v2.0.1 allows attackers to execute arbitrary code via uploading a crafted file.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-44148

Published : June 3, 2025, 4:15 p.m. | 2 hours, 14 minutes ago

Description : Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-5507

Published : June 3, 2025, 4:15 p.m. | 3 hours, 15 minutes ago

Description : A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 2.4 | LOW


CVE ID : CVE-2025-5508

Published : June 3, 2025, 4:15 p.m. | 3 hours, 15 minutes ago

Description : A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 2.4 | LOW


CVE ID : CVE-2025-5509

Published : June 3, 2025, 4:15 p.m. | 3 hours, 15 minutes ago

Description : A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-23107

Published : June 3, 2025, 5:15 p.m. | 2 hours, 15 minutes ago

Description : An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.

Severity: 8.6 | HIGH


CVE ID : CVE-2025-30167

Published : June 3, 2025, 5:15 p.m. | 2 hours, 15 minutes ago

Description : Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).

Severity: 7.3 | HIGH


CVE ID : CVE-2025-32106

Published : June 3, 2025, 5:15 p.m. | 2 hours, 15 minutes ago

Description : In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result in an unauthenticated remote user’s ability to execute unauthorized code.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-5512

Published : June 3, 2025, 5:15 p.m. | 2 hours, 15 minutes ago

Description : A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-5511

Published : June 3, 2025, 5:15 p.m. | 2 hours, 15 minutes ago

Description : A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-5510

Published : June 3, 2025, 5:15 p.m. | 2 hours, 15 minutes ago

Description : A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM
