Security

CVE ID : CVE-2025-50200

Published : June 19, 2025, 5:15 p.m. | 41 minutes ago

Description : RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ logs authorization headers in plaintext, encoded in base64. When the RabbitMQ API is queried over HTTP/s with basic authentication, it creates logs containing all headers in the request, including authorization headers, which show the base64-encoded username:password. This is easy to decode and could afterwards be used to obtain control of the system, depending on the credentials. This issue has been patched in version 4.0.8.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6270

Published : June 19, 2025, 5:15 p.m. | 41 minutes ago

Description : A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

CVE ID : CVE-2025-33117

Published : June 19, 2025, 6:15 p.m. | 23 minutes ago

Description : IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.

Severity: 9.1 | CRITICAL

CVE ID : CVE-2025-32896

Published : June 19, 2025, 11:15 a.m. | 1 hour, 29 minutes ago

Description :

# Summary

Unauthorized users can perform Arbitrary File Read and Deserialization attacks by submitting a job using the RESTful API v1.

# Details

Unauthorized users can access `/hazelcast/rest/maps/submit-job` to submit a job. An attacker can set extra parameters in the MySQL URL to perform Arbitrary File Read and Deserialization attacks.

This issue affects Apache SeaTunnel:

Severity: 0.0 | NA

CVE ID : CVE-2025-6019

Published : June 19, 2025, 12:15 p.m. | 29 minutes ago

Description : A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the “allow_active” setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an “allow_active” user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.

Severity: 7.0 | HIGH

CVE ID : CVE-2025-6266

Published : June 19, 2025, 12:15 p.m. | 29 minutes ago

Description : A vulnerability was found in FLIR AX8 up to 1.46. It has been declared as critical. This vulnerability affects unknown code of the file /upload.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

CVE ID : CVE-2025-4738

Published : June 19, 2025, 1:15 p.m. | 1 hour, 14 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Yirmibes Software MY ERP allows SQL Injection. This issue affects MY ERP: before 1.170.

Severity: 9.8 | CRITICAL

Roundcube: CVE-2025-49113

Who am I? I’m Chetan Chinchulkar (aka omnipresent), a cybersecurity enthusiast, software developer, and security researcher ranked in the top 2% on TryHackMe. Passionate about …

Published Date: Jun 19, 2025 (4 hours, 16 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-23121 Critical Veeam Vulnerability: Backup Servers at Risk from Authenticated RCE Flaw

Hunter.how What is CVE-2025-23121? This vulnerability is a critical Remote Code Execution (RCE) flaw in Veeam Backup & Replication, rated 9.9 out of 10 on the CVSS v3 scale. It allows an authenticated d …

Published Date: Jun 19, 2025 (4 hours, 12 minutes ago)

Vulnerabilities have been mentioned in this article.

Meta Embraces Passkeys: Facebook & Messenger Get Secure, Passwordless Login

As more online service platforms adopt Passkey technology, Meta has finally followed suit, announcing the introduction of a more secure and convenient login method for both Facebook and Messenger—aime …

Published Date: Jun 19, 2025 (2 hours, 20 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-27920

Open Next for Cloudflare SSRF Vulnerability Let Attackers Load Remote Resources from Arbitrary Hosts

A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the @opennextjs/cloudflare package, enabling attackers to exploit the /_next/image endpoint to load remote resou …

Published Date: Jun 19, 2025 (1 hour, 49 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-6087