CVE ID : CVE-2022-50232

Published : June 18, 2025, 11:15 a.m. | 3 hours, 16 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

arm64: set UXN on swapper page tables

[ This issue was fixed upstream by accident in c3cee924bd85 (“arm64:
head: cover entire kernel image in initial ID map”) as part of a
large refactoring of the arm64 boot flow. This simple fix is therefore
preferred for -stable backporting ]

On a system that implements FEAT_EPAN, read/write access to the idmap
is denied because UXN is not set on the swapper PTEs. As a result,
idmap_kpti_install_ng_mappings panics the kernel when accessing
__idmap_kpti_flag. Fix it by setting UXN on these PTEs.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6220

Published : June 18, 2025, 12:15 p.m. | 2 hours, 16 minutes ago

Description : The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘save_options’ function in all versions up to, and including, 3.5.12. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 7.2 | HIGH

CVE ID : CVE-2025-45661

Published : June 18, 2025, 2:15 p.m. | 16 minutes ago

Description : A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the id parameter at /members/edit.php.

Severity: 0.0 | NA

CVE ID : CVE-2025-45784

Published : June 18, 2025, 2:15 p.m. | 16 minutes ago

Description : D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.

Severity: 0.0 | NA

CVE ID : CVE-2025-46157

Published : June 18, 2025, 2:15 p.m. | 16 minutes ago

Description : An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form.

Severity: 9.9 | CRITICAL

CVE ID : CVE-2025-49015

Published : June 18, 2025, 2:15 p.m. | 16 minutes ago

Description : The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.

Severity: 0.0 | NA
