Security

CVE ID : CVE-2025-20308

Published : July 2, 2025, 4:15 p.m.

Description : A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker could exploit this vulnerability by logging in to the Cisco Spaces Connector CLI as the spacesadmin user and executing a specific command with crafted parameters. A successful exploit could allow the attacker to elevate privileges from the spacesadmin user and execute arbitrary commands on the underlying operating system as root.

Severity: 6.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52886

Published : July 2, 2025, 4:15 p.m.

Description : Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

Severity: 0.0 | NA

CVE ID : CVE-2025-20310

Published : July 2, 2025, 4:15 p.m.

Description : A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.

This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.

Severity: 6.1 | MEDIUM

CVE ID : CVE-2025-53359

Published : July 2, 2025, 4:15 p.m.

Description : ethereum is a Rust crate of common Ethereum structs. Prior to ethereum crate v0.18.0, signature malleability (according to EIP-2) was only checked for “legacy” transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is not a security issue and is not as high a risk if the ethereum crate is used on a single-implementation blockchain. This issue has been patched in version v0.18.0. A workaround for this issue involves manually checking transaction malleability outside of the crate; however, upgrading is recommended.

Severity: 0.0 | NA

CVE ID : CVE-2025-53358

Published : July 2, 2025, 4:15 p.m.

Description : kotaemon is an open-source RAG-based tool for document comprehension. In versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the index_fn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to traverse directories (e.g. ../../../../../.env) and exfiltrate sensitive files. This issue has been patched via commit 37cdc28, in version 0.10.7, which had not been made public at the time of publication.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-6942

Published : July 2, 2025, 4:15 p.m.

Description : The distributed engine of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.

Severity: 3.8 | LOW

CVE ID : CVE-2025-6943

Published : July 2, 2025, 4:15 p.m.

Description : Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.

Severity: 3.8 | LOW

CVE ID : CVE-2025-20307

Published : July 2, 2025, 5:15 p.m.

Description : A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.

Severity: 4.8 | MEDIUM

CVE ID : CVE-2025-20309

Published : July 2, 2025, 5:15 p.m.

Description : A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.

This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

Severity: 10.0 | CRITICAL

CVE ID : CVE-2025-45814

Published : July 2, 2025, 5:15 p.m.

Description : Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110, v7.2.8.124852, and v7.x, and of NS2000 v7.02.08, allow attackers to execute a session hijacking attack.

Severity: 9.8 | CRITICAL

CVE ID : CVE-2025-45424

Published : July 2, 2025, 5:15 p.m.

Description : Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.

Severity: 5.3 | MEDIUM

CVE ID : CVE-2025-52841

Published : July 2, 2025, 5:15 p.m.

Description : A Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux and macOS allows an attacker to perform an account takeover. This issue affects Laundry: 2.3.0.

Severity: 0.0 | NA

CVE ID : CVE-2025-45813

Published : July 2, 2025, 6:15 p.m.

Description : ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.

Severity: 9.8 | CRITICAL

CVE ID : CVE-2025-49713

Published : July 2, 2025, 6:15 p.m.

Description : Access of resource using incompatible type (‘type confusion’) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Severity: 8.8 | HIGH

Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks

Security experts have uncovered a hole in Cl0p’s data exfiltration tool that could potentially leave the cybercrime group vulnerable to attack.
The vulnerability in the Python-based software, which wa …

Published Date: Jul 02, 2025

Vulnerabilities mentioned in this article:

CVE-2023-36934

CVE-2023-34362

YONO SBI Banking App Vulnerability Let Attackers Execute a Man-in-the-Middle Attack

A significant security flaw has been identified in the popular YONO SBI banking application that could potentially expose millions of users to cybersecurity threats.
The vulnerability, designated as C …

Published Date: Jul 02, 2025

Vulnerabilities mentioned in this article:

CVE-2025-45080

Chinese Houken Hackers Exploiting Ivanti CSA Zero-Days to Deploy Linux Rootkits

A sophisticated Chinese threat group identified as Houken has been exploiting multiple zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) devices to deploy advanced Linux rootkits and es …

Published Date: Jul 02, 2025

Vulnerabilities mentioned in this article:

CVE-2024-9380

CVE-2024-8963

CVE-2024-8190

French government describes attacks on organisations via Ivanti vulnerabilities

French organisations, including government agencies, defence companies and telecom companies, were attacked late last year via vulnerabilities in Ivanti Cloud Service Appliance (CSA). At the time …

Published Date: Jul 02, 2025

Vulnerabilities mentioned in this article:

CVE-2024-9380

CVE-2024-8963

CVE-2024-8190

CISA Warns of TeleMessage TM SGNL Vulnerabilities Exploited in Attacks

CISA has issued an urgent warning regarding two critical vulnerabilities in TeleMessage TM SGNL that threat actors are currently exploiting in active attack campaigns.
The vulnerabilities, tracked as …

Published Date: Jul 02, 2025

Vulnerabilities mentioned in this article:

CVE-2025-48928

CVE-2025-48927

CVE ID : CVE-2025-45006

Published : July 1, 2025, 8:15 p.m.

Description : Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violates privileged spec constraints, enabling potential physical memory access attacks.

Severity: 9.1 | CRITICAL
