Security

CVE ID : CVE-2025-34073

Published : July 2, 2025, 2:15 p.m. | 1 hour, 1 minute ago

Description : An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45029

Published : July 2, 2025, 2:15 p.m. | 1 hour, 1 minute ago

Description : WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable at /cgi-bin/upload.cgi.

Severity: 0.0 | NA


CVE ID : CVE-2025-49588

Published : July 2, 2025, 2:15 p.m. | 1 hour, 1 minute ago

Description : Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version 2.10.2, the server accepts links of the format file:///etc/passwd and performs no validation before sending them to parsers and Playwright. This can result in a leak of other users' links (and in some cases it might be possible to leak environment secrets). This issue has been patched in version 2.10.3, which has not been made public at time of publication.

Severity: 0.0 | NA


CVE ID : CVE-2025-53106

Published : July 2, 2025, 2:15 p.m. | 1 hour, 1 minute ago

Description : Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests to the Graylog REST API and exploit a weak permission check for token creation. This issue has been patched in versions 6.2.4 and 6.3.0-rc.2. A workaround involves disabling the respective configuration found in System > Configuration > Users > “Allow users to create personal access tokens”.

Severity: 0.0 | NA


ESET Chief Security Evangelist Tony Anscombe reviews some of the report’s standout findings and their implications for organizations in 2025…

Windows User Count Controversy: Microsoft Silently “Corrects” User Base to 1.4 Billion After Implied 400M Drop

Last week, a Microsoft executive noted in a newly published blog post that Windows is currently in use on over one billion devices worldwide. This …

Published Date:
Jul 02, 2025 (4 hours, 27 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-3596

Apple Sues Ex-Vision Pro Engineer Di Liu: Accused of Stealing Secrets & Joining Competitor Snap

As development on the successor to the Vision Pro continues apace, Apple has recently filed a lawsuit accusing former senior product design engineer Di Liu of failing to disclose his employment at com …

Published Date:
Jul 02, 2025 (4 hours, 23 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-24118

CVE-2024-44131

CVE-2024-23222

Nessus Windows Vulnerabilities Allow Overwrite of Arbitrary Local System Files

A newly disclosed security advisory from Tenable reveals serious vulnerabilities in the Nessus vulnerability scanner that could enable attackers to compromise Windows systems through privilege escalat …

Published Date:
Jul 02, 2025 (3 hours, 36 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-36630

CVE-2025-6021

CVE-2025-24855

Hundreds of Thousands of WordPress Sites Can Be Taken Over via Forminator Flaw

A vulnerability in a widely used WordPress plug-in makes remote code execution possible on hundreds of thousands of websites, which can thereby be taken over completely. An update that fixes the problem …

Published Date:
Jul 02, 2025 (3 hours, 9 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-6463

Critical Vulnerability in Anthropic MCP Inspector Let Attackers Execute Arbitrary Code

A critical Remote Code Execution (RCE) vulnerability in Anthropic’s MCP Inspector tool, designated as CVE-2025-49596, has a severe CVSS score of 9.4.
This vulnerability represents one of the first cri …

Published Date:
Jul 02, 2025 (1 hour, 31 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-49596

Critical WordPress Plugin Vulnerability Exposes 600,000+ Sites to Remote Takeover

A severe arbitrary file deletion vulnerability has been discovered in the popular Forminator WordPress plugin, affecting over 600,000 active installations worldwide.
The vulnerability, assigned CVE-20 …

Published Date:
Jul 02, 2025 (1 hour, 25 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-6463

CISA Adds TeleMessage TM SGNL to KEV Catalog

CVE-2025-48927 — Insecure Spring Boot Heap Dump Exposure. Description: This vulnerability exists in TeleMessage TM SGNL due to an exposed Spring Boot Actuator /heapdump endpoint, accessi …

Published Date:
Jul 02, 2025 (28 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-6554

CVE-2025-48928

CVE-2025-48927

CVE ID : CVE-2025-27023

Published : July 2, 2025, 10:15 a.m. | 1 hour, 28 minutes ago

Description : Lack of or insufficient input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands.

Details: The web-based management interface of the Infinera G42 appliance enables the feature of executing a restricted set of commands. This feature also offers the option to execute a script file already present on the target device. When a non-script or incorrect file is specified, the content of the file is shown along with an error message. Because the HTTP service runs as a privileged user, all files on the file system can be viewed this way.

Severity: 6.5 | MEDIUM
