Development

CVE ID : CVE-2025-6345

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : A vulnerability was found in SourceCodester My Food Recipe 1.0 and classified as problematic. Affected by this issue is the function addRecipeModal of the file /endpoint/add-recipe.php of the component Add Recipe Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6346

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : A vulnerability was found in SourceCodester Advance Charity Management System 1.0. It has been classified as critical. This affects an unknown part of the file /members/fundDetails.php. The manipulation of the argument m06 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-44203

Published : June 20, 2025, 4:15 p.m. | 1 hour, 9 minutes ago

Description : In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the ‘create database’ button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials.

Severity: 0.0 | NA


CVE ID : CVE-2025-45331

Published : June 20, 2025, 4:15 p.m. | 1 hour, 9 minutes ago

Description : brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerability in the br_dagens_handle_once function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.

Severity: 0.0 | NA


CVE ID : CVE-2025-5416

Published : June 20, 2025, 4:15 p.m. | 1 hour, 9 minutes ago

Description : A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.

Severity: 2.7 | LOW


CVE ID : CVE-2025-6193

Published : June 20, 2025, 4:15 p.m. | 1 hour, 9 minutes ago

Description : A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod’s terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.

Severity: 5.9 | MEDIUM


CVE ID : CVE-2025-45890

Published : June 20, 2025, 4:15 p.m. | 1 hour, 9 minutes ago

Description : Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter.

Severity: 0.0 | NA


CVE ID : CVE-2025-6351

Published : June 20, 2025, 4:15 p.m. | 1 hour, 9 minutes ago

Description : A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editprofile.php. The manipulation of the argument emp1name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-6347

Published : June 20, 2025, 4:15 p.m. | 1 hour, 9 minutes ago

Description : A vulnerability was found in code-projects Responsive Blog 1.0/1.12.4/3.3.4. It has been declared as problematic. This vulnerability affects unknown code of the file /responsive/resblog/blogadmin/admin/pageViewMembers.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW


CVE ID : CVE-2025-6352

Published : June 20, 2025, 4:15 p.m. | 1 hour, 9 minutes ago

Description : A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-49132

Published : June 20, 2025, 5:15 p.m. | 59 minutes ago

Description : Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel’s server, read credentials from the Panel’s config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.

Severity: 10.0 | CRITICAL


TCC Bypass vulnerabilities in two macOS applications

CVE ID: CVE-2025-5255
Publication date: 20 June 2025
Vendor: Core.ai
Product: Phoenix Code
Vulnerable versions: All through 4.0.3
Vulnerability type (CWE): Incorrect Default Permissions (CWE-276)
Report sou …

Published Date:
Jun 20, 2025 (3 hours, 58 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-5963

CVE-2025-5255

WhatsApp: FreeType flaw used in attacks with Paragon spyware

A vulnerability in FreeType that Meta disclosed in March has been used in attacks with the Graphite spyware from Paragon Solutions, WhatsApp told SecurityWeek. Fr …

Published Date:
Jun 20, 2025 (3 hours, 36 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-27363

Everything You Need to Know About CVE-2025–3248: Langflow RCE Vulnerability Explained

CVE-2025–3248: Langflow RCE — When Your AI Pipeline Becomes an Attacker’s Playground. Introduction. In today’s fast-evolving AI ecosystem, frameworks like Langflow are becoming increasingly popular for bu …

Published Date:
Jun 20, 2025 (3 hours, 26 minutes ago)

Vulnerabilities mentioned in this article:

Insomnia API Client Vulnerability Arbitrary Code Execution via Template Injection

A severe security vulnerability has been discovered in the widely-used Insomnia API Client that allows attackers to execute arbitrary code through malicious template injection.
The vulnerability, trac …

Published Date:
Jun 20, 2025 (3 hours, 4 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-1087

How to Lock Down the No-Code Supply Chain Attack Surface

Commentary: Modern enterprise software development increasingly relies on a vast and complex supply chain of third-party components, integrations, and framework …

Published Date:
Jun 20, 2025 (53 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2023-36019

CVE ID : CVE-2025-6332

Published : June 20, 2025, 11:15 a.m. | 3 hours, 28 minutes ago

Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Directory Management System 2.0. Affected by this issue is some unknown functionality of the file /admin/manage-directory.php. The manipulation of the argument del leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-6333

Published : June 20, 2025, 11:15 a.m. | 3 hours, 28 minutes ago

Description : A vulnerability, which was classified as critical, was found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-6334

Published : June 20, 2025, 11:15 a.m. | 3 hours, 28 minutes ago

Description : A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH
