
CVE ID : CVE-2025-3091

Published : June 24, 2025, 9:15 a.m. | 1 hour, 38 minutes ago

Description : A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3092

Published : June 24, 2025, 9:15 a.m. | 1 hour, 38 minutes ago

Description : An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-6206

Published : June 24, 2025, 9:15 a.m. | 1 hour, 38 minutes ago

Description : The Aiomatic – Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘aiomatic_image_editor_ajax_submit’ function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. In order to exploit the vulnerability, there must be a value entered for the Stability.AI API key. The value can be arbitrary.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-36519

Published : June 24, 2025, 5:15 a.m. | 4 hours, 21 minutes ago

Description : Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2 and WRC-1167GST2. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed on the product.

Severity: 4.3 | MEDIUM


CVE ID : CVE-2025-43877

Published : June 24, 2025, 5:15 a.m. | 4 hours, 21 minutes ago

Description : WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.

Severity: 5.4 | MEDIUM


CVE ID : CVE-2025-48890

Published : June 24, 2025, 5:15 a.m. | 4 hours, 44 minutes ago

Description : WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in miniigd SOAP service. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-41427

Published : June 24, 2025, 5:15 a.m. | 4 hours, 44 minutes ago

Description : WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-43879

Published : June 24, 2025, 5:15 a.m. | 4 hours, 44 minutes ago

Description : WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-2962

Published : June 24, 2025, 6:15 a.m. | 3 hours, 21 minutes ago

Description : A denial-of-service issue in the DNS implementation could cause an infinite loop.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-3090

Published : June 24, 2025, 8:15 a.m. | 1 hour, 44 minutes ago

Description : An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.

Severity: 8.2 | HIGH


CVE ID : CVE-2025-50213

Published : June 24, 2025, 8:15 a.m. | 1 hour, 21 minutes ago

Description : Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.

This issue affects Apache Airflow Providers Snowflake: before 6.4.0.

Sanitization of the table and stage parameters was added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection.
Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Severity: 0.0 | NA


CVE ID : CVE-2025-5258

Published : June 24, 2025, 8:15 a.m. | 1 hour, 21 minutes ago

Description : The Conference Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM


CVE-2025-32975 – Quest KACE SMA Authentication Bypass

Full Disclosure
mailing list archives
From: Seralys Research Team via Fulldisclosure
Date: Mon, 23 Jun 2025 22:42:51 +0000
Seralys Security Advisory | https://www.sera …

Published Date:
Jun 24, 2025 (3 hours, 40 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-32976 – Quest KACE SMA 2FA Bypass

Full Disclosure
mailing list archives
From: Seralys Research Team via Fulldisclosure
Date: Mon, 23 Jun 2025 22:44:34 +0000
Seralys Security Advisory | https://www.sera …

Published Date:
Jun 24, 2025 (3 hours, 40 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-32977 – Quest KACE Unauthenticated Backup Upload

Full Disclosure
mailing list archives
From: Seralys Research Team via Fulldisclosure
Date: Mon, 23 Jun 2025 22:47:23 +0000
Seralys Security Advisory | https://www.sera …

Published Date:
Jun 24, 2025 (3 hours, 40 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-32978 – Quest KACE SMA Unauthenticated License Replacement

Full Disclosure
mailing list archives
From: Seralys Research Team via Fulldisclosure
Date: Mon, 23 Jun 2025 22:48:48 +0000
Seralys Security Advisory | https://www.sera …

Published Date:
Jun 24, 2025 (3 hours, 40 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution

A newly disclosed vulnerability in RARLAB’s WinRAR, the long-standing compression utility for Windows, has exposed millions of users to a severe directory traversal flaw that could lead to remote code …

Published Date:
Jun 24, 2025 (3 hours, 33 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-6218

CVE-2023-40477

CVE-2023-38831

Windows 11 Gets New UI Customization: Reposition System Indicator Bar to Top-Center or Top-Left

Hardware indicator for volume shown at the top center
In the latest releases of Windows 11—Build 26200.5661 (Dev Channel) and Build 26120.4452 (Beta Channel)—Microsoft has introduced an enhancement to …

Published Date:
Jun 24, 2025 (2 hours, 30 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-29775

CVE-2025-29774

CVE ID : CVE-2025-48463

Published : June 24, 2025, 3:15 a.m. | 2 hours, 1 minute ago

Description : Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering.

Severity: 3.1 | LOW


CVE ID : CVE-2025-48467

Published : June 24, 2025, 3:15 a.m. | 2 hours, 1 minute ago

Description : Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability.

Severity: 6.5 | MEDIUM
