Roundcube: CVE-2025–49113
Roundcube: CVE-2025–49113Who am I?I’m Chetan Chinchulkar (aka omnipresent), a cybersecurity enthusiast, software developer, and security researcher ranked in the top 2% on TryHackMe. Passionate about …
Read more
Published Date:
Jun 19, 2025 (4 hours, 16 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-23121 Critical Veeam Vulnerability: Backup Servers at Risk from Authenticated RCE Flaw
Hunter.howWhat is CVE‑2025-23121?This vulnerability is a critical Remote Code Execution (RCE) flaw in Veeam Backup & Replication, rated 9.9 out of 10 on the CVSS v3 scale. It allows an authenticated d …
Read more
Published Date:
Jun 19, 2025 (4 hours, 12 minutes ago)
Vulnerabilities has been mentioned in this article.
Meta Embraces Passkeys: Facebook & Messenger Get Secure, Passwordless Login
As more online service platforms adopt Passkey technology, Meta has finally followed suit, announcing the introduction of a more secure and convenient login method for both Facebook and Messenger—aime …
Read more
Published Date:
Jun 19, 2025 (2 hours, 20 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-27920
Open Next for Cloudflare SSRF Vulnerability Let Attackers Load Remote Resources from Arbitrary Hosts
A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the @opennextjs/cloudflare package, enabling attackers to exploit the /_next/image endpoint to load remote resou …
Read more
Published Date:
Jun 19, 2025 (1 hour, 49 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-6087
Apache Traffic Server Vulnerability Let Attackers Trigger DoS Attack via Memory Exhaustion
A critical security vulnerability has been discovered in Apache Traffic Server that allows remote attackers to trigger denial-of-service (DoS) attacks through memory exhaustion.
The vulnerability, tra …
Read more
Published Date:
Jun 19, 2025 (1 hour, 46 minutes ago)
Vulnerabilities has been mentioned in this article.
Cisco AnyConnect VPN Server Vulnerability Let Attackers Trigger DoS Attack
A critical security vulnerability affecting Cisco Meraki MX and Z Series devices could allow unauthenticated attackers to launch denial of service (DoS) attacks against AnyConnect VPN services.
The vu …
Read more
Published Date:
Jun 19, 2025 (1 hour, 20 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-20271
CVE ID : CVE-2025-5490
Published : June 19, 2025, 6:15 a.m. | 4 hours, 21 minutes ago
Description : The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4571
Published : June 19, 2025, 7:15 a.m. | 3 hours, 21 minutes ago
Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors’ data, modify campaign events, etc.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4965
Published : June 19, 2025, 7:15 a.m. | 3 hours, 21 minutes ago
Description : The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2016-3399
Published : June 19, 2025, 9:15 a.m. | 1 hour, 21 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31698
Published : June 19, 2025, 10:15 a.m. | 21 minutes ago
Description : ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.
Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol.
This issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10.
Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49763
Published : June 19, 2025, 10:15 a.m. | 21 minutes ago
Description : ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted.
Users can use a new setting for the plugin (–max-inclusion-depth) to limit it.
This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10.
Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5071
Published : June 19, 2025, 10:15 a.m. | 21 minutes ago
Description : The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘Meow_MWAI_Labs_MCP::can_access_mcp’ function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like ‘wp_create_user’, ‘wp_update_user’ and ‘wp_update_option’, which can be used for privilege escalation, and ‘wp_update_post’, ‘wp_delete_post’, ‘wp_update_comment’ and ‘wp_delete_comment’, which can be used to edit and delete posts and comments.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5234
Published : June 19, 2025, 10:15 a.m. | 21 minutes ago
Description : The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about the active exploitation of a critical Linux kernel vulnerability, officially listed as CVE-2023-0386.
The vulnerabilit …
Read more
Published Date:
Jun 18, 2025 (18 hours, 32 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-6029
CVE-2024-26809
CVE-2023-0386
CVE-2025-23121 Remote Code Execution in Veeam
📌 OverviewCVE-2025-23121 is a critical remote code execution (RCE) vulnerability identified in Veeam Backup & Replication (VBR) software. The flaw affects domain-joined backup servers and allows any a …
Read more
Published Date:
Jun 19, 2025 (5 hours, 31 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-24287
CVE-2025-24286
CVE-2025-23121
CVE-2025-26685
CVE-2025-2783
CVE-2024-29212
CVE-2025-20271: Cisco Meraki VPN Bug Exposes MX and Z Series Devices to Remote DoS Attacks
Cisco has disclosed a vulnerability in its Meraki MX and Z Series devices, affecting the Cisco AnyConnect VPN service and allowing unauthenticated remote attackers to trigger a denial-of-service (DoS) …
Read more
Published Date:
Jun 19, 2025 (4 hours, 49 minutes ago)
Vulnerabilities has been mentioned in this article.
WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover
Security researchers at Wordfence have uncovered a vulnerability in the popular AI Engine plugin for WordPress, which is installed on more than 100,000 websites. Tracked as CVE-2025-5071, this flaw en …
Read more
Published Date:
Jun 19, 2025 (4 hours, 41 minutes ago)
Vulnerabilities has been mentioned in this article.
Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution
Cisco’s ClamAV, one of the most widely used open-source antivirus engines, has released versions 1.4.3 and 1.0.9 to address two significant security vulnerabilities that could lead to denial-of-servic …
Read more
Published Date:
Jun 19, 2025 (4 hours, 30 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution
Two newly disclosed vulnerabilities in the Versa Director SD-WAN orchestration platform could allow authenticated attackers to execute remote code or escalate privileges by exploiting insecure file up …
Read more
Published Date:
Jun 19, 2025 (3 hours, 57 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-23172
CVE-2025-23171
CVE-2025-30353
CVE-2024-42450
CVE-2024-45229
CVE-2023-22651