Development

CVE ID : CVE-2025-5430

Published : June 2, 2025, 5:16 a.m. | 2 hours, 5 minutes ago

Description : A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5431

Published : June 2, 2025, 6:15 a.m. | 1 hour, 6 minutes ago

Description : A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1485

Published : June 2, 2025, 6:15 a.m. | 1 hour, 6 minutes ago

Description : The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3951

Published : June 2, 2025, 6:15 a.m. | 1 hour, 6 minutes ago

Description : The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5432

Published : June 2, 2025, 6:15 a.m. | 1 hour, 6 minutes ago

Description : A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

DevSecOps Phase 4B: Manual Penetration Testing

🔐 DevSecOps Phase 4B: Manual Penetration TestingHere’s a comprehensive deep-dive guide into Step 4B of DevSecOps — “Test Stage → Manual Penetration Testing”, covering:ObjectiveDevSecOps Integration Ob …
Read more

Published Date:
Jun 01, 2025 (13 hours, 50 minutes ago)

Vulnerabilities has been mentioned in this article.

Automating Patch Management Reducing Vulnerabilities at Scale

As cybersecurity threats continue to escalate, organizations worldwide are turning to automated patch management solutions to combat an alarming statistic: 80% of cyberattacks occur due to unpatched s …
Read more

Published Date:
Jun 01, 2025 (10 hours, 24 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-53677

NetSPI Details Multiple Local Privilege Escalation Vulnerabilities in SonicWall NetExtender

In a detailed investigation, NetSPI security researchers have uncovered multiple high-risk local privilege escalation (LPE) vulnerabilities in SonicWall’s NetExtender VPN client for Windows, tracked a …
Read more

Published Date:
Jun 02, 2025 (3 hours, 10 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-23010

CVE-2025-23009

CVE-2025-23007

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix

Image: Rapid7
Security researchers at Rapid7 have uncovered a troubling trio of vulnerabilities in MICI Network Co., Ltd.’s NetFax server (versions
Read more

Published Date:
Jun 02, 2025 (3 hours, 1 minute ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-48047

CVE-2025-48046

CVE-2025-48045

CVE-2024-8456

CVE-2024-38094

CVE-2022-26923

CISA Alert: Critical Flaws in Consilium Safety CS5000 Fire Panel Could Enable Remote Takeover, No Patch

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning of two critical security vulnerabilities affecting all versions of the Consilium Safety CS5000 Fire Pane …
Read more

Published Date:
Jun 02, 2025 (2 hours, 53 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-46352

CVE-2025-41438

CVE-2024-22039

CVE ID : CVE-2025-5400

Published : June 1, 2025, 9:15 a.m. | 18 hours, 5 minutes ago

Description : A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been classified as critical. Affected is an unknown function of the file /user.php of the component GET Parameter Handler. The manipulation of the argument u_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1499

Published : June 1, 2025, 12:15 p.m. | 15 hours, 5 minutes ago

Description : IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-25044

Published : June 1, 2025, 12:15 p.m. | 15 hours, 5 minutes ago

Description : IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2896

Published : June 1, 2025, 12:15 p.m. | 15 hours, 5 minutes ago

Description : IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-33004

Published : June 1, 2025, 12:15 p.m. | 15 hours, 5 minutes ago

Description : IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-33005

Published : June 1, 2025, 12:15 p.m. | 15 hours, 5 minutes ago

Description : IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5401

Published : June 1, 2025, 1:15 p.m. | 14 hours, 5 minutes ago

Description : A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php of the component GET Parameter Handler. The manipulation of the argument p_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40908

Published : June 1, 2025, 2:15 p.m. | 13 hours, 5 minutes ago

Description : YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5402

Published : June 1, 2025, 2:15 p.m. | 13 hours, 5 minutes ago

Description : A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/includes/edit_post.php of the component GET Parameter Handler. The manipulation of the argument edit_post_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5403

Published : June 1, 2025, 4:15 p.m. | 11 hours, 5 minutes ago

Description : A vulnerability classified as critical has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This affects an unknown part of the file /admin/view_all_posts.php of the component GET Parameter Handler. The manipulation of the argument post_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…