Security

CVE ID : CVE-2025-32879

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE services and characteristics of the device require any authentication or security level. Therefore, any characteristic, depending on their mode of operation (read/write/notify), can be used by the connected attacker. This allows, for example, configuring the device, sending notifications, resetting the device to factory settings, or installing software.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32880

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48705

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48706

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an out-of-bounds read vulnerability, sending a crafted BLE message forces the device to reboot.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6342

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. This issue affects some unknown processing of the file /admin/admin_football.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6343

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_product.php. The manipulation of the argument pid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6344

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /contactus.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that…

Cloudflare on Thursday said it autonomously blocked the largest ever distributed denial-of-service (DDoS) attack ever recorded, which hit a peak…

Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That’s when they can…

Imagine for one moment that you are a cybercriminal. You have compromised an organisation’s network, you have stolen their data,…

Iran’s state-owned TV broadcaster was hacked Wednesday night to interrupt regular programming and air videos calling for street protests against…

IBM QRadar SIEM Vulnerabilities Allows Attackers to Execute Arbitrary Commands

Multiple high-severity vulnerabilities in IBM QRadar SIEM could allow attackers to execute arbitrary commands and access sensitive data.
The most critical flaw, tracked as CVE-2025-33117, carries a CV …
Read more

Published Date:
Jun 20, 2025 (4 hours, 42 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-36050

CVE-2025-33121

CVE-2025-33117

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover

Last month, a critical vulnerability was reported to Wordfence that now threatens more than 22,000 WordPress websites using the popular Motors automotive dealership theme. Tracked as CVE-2025-4322 and …
Read more

Published Date:
Jun 20, 2025 (3 hours, 33 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-4322

CVE-2024-50623

Apache SeaTunnel Vulnerability Allows Unauthorized Users to Perform Deserialization Attack

Apache SeaTunnel, the widely used distributed data integration platform, has disclosed a significant security vulnerability that enables unauthorized users to execute arbitrary file read operations an …
Read more

Published Date:
Jun 20, 2025 (1 hour, 44 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32896

ClamAV 1.4.3 and 1.0.9 Released With Fix for Vulnerabilities that Enable Remote Code Execution

Multiple high-severity vulnerabilities, including a dangerous buffer overflow capable of remote code execution, have been fixed in critical security updates released by the ClamAV team for versions 1. …
Read more

Published Date:
Jun 20, 2025 (1 hour, 29 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-20260

CVE-2025-20234

CVE ID : CVE-2025-50054

Published : June 20, 2025, 7:15 a.m. | 3 hours, 27 minutes ago

Description : Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6313

Published : June 20, 2025, 7:15 a.m. | 3 hours, 27 minutes ago

Description : A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/cat_add.php. The manipulation of the argument Category leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6314

Published : June 20, 2025, 7:15 a.m. | 3 hours, 27 minutes ago

Description : A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/cat_update.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6315

Published : June 20, 2025, 7:15 a.m. | 3 hours, 27 minutes ago

Description : A vulnerability was found in code-projects Online Shoe Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cart2.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…