CVE ID : CVE-2025-21480
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-21485
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-21486
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27029
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27031
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31710
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27038
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31711
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31712
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4567
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3662
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries’ caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3584
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Chrome Zero-Day Alert: CVE-2025-5419 Actively Exploited in the Wild
Google has rolled out a critical security update for the Chrome browser in its Stable channel, bumping the version to 137.0.7151.68/.69 for Windows and Mac and 137.0.7151.68 for Linux. This patch addr …
Read more
Published Date:
Jun 02, 2025 (4 hours, 6 minutes ago)
Vulnerabilities has been mentioned in this article.
CISA Adds 5 Actively Exploited Vulnerabilities to KEV Catalog: ASUS Routers, Craft CMS, and ConnectWise Targeted
The Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing verified evidence of active exploitation in …
Read more
Published Date:
Jun 03, 2025 (3 hours, 23 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-35939
CVE-2025-3935
CVE-2024-56145
CVE-2023-39780
CVE-2021-32030
CISA Warns of Critical Unauthenticated Access Vulnerability in Instantel Micromate Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning users of a critical vulnerability affecting all versions of Instantel Micromate, a popular device use …
Read more
Published Date:
Jun 03, 2025 (3 hours, 21 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-1907
CVE-2024-8456
Kaspersky Report Reveals Growing Threat from Old Exploits and OS Vulnerabilities in Q1 2025
Kaspersky’s latest “Exploits and vulnerabilities in Q1 2025” shows that attackers are doubling down on aging exploits, platform-specific weaknesses, and mismanaged updates. With over 9,700 vulnerabili …
Read more
Published Date:
Jun 03, 2025 (3 hours, 12 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-24071
CVE-2025-21333
CVE-2025-0282
CVE-2024-35250
CVE-2024-3400
CVE-2023-48788
CVE-2023-38831
CVE-2023-28461
CVE-2018-0802
CVE-2017-11882
Linux Flaws Expose Sensitive Data via Core Dumps
In a recent disclosure, the Qualys Threat Research Unit (TRU) has unearthed two local information disclosure vulnerabilities affecting core crash-reporting mechanisms in major Linux distributions. Ass …
Read more
Published Date:
Jun 03, 2025 (2 hours, 47 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5054
CVE-2025-4598
CVE-2023-52447
FiberGateway Router Hacked: Portugal’s 1.6M Homes at Risk
Image: João Domingos
Security researcher João Domingos has published a comprehensive breakdown of a full exploit chain affecting the FiberGateway GR241AG router, used by over 1.6 million households in …
Read more
Published Date:
Jun 03, 2025 (2 hours, 39 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-25246
Google Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code
Google has released an emergency security update for Chrome after confirming that a critical zero-day vulnerability is being actively exploited by attackers in the wild.
The vulnerability, tracked as …
Read more
Published Date:
Jun 03, 2025 (1 hour, 51 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5419
CVE-2025-5068
CVE ID : CVE-2025-3919
Published : June 2, 2025, 11:15 p.m. | 2 hours, 21 minutes ago
Description : The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters.
This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page.
The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…