Apache Traffic Server Vulnerability Let Attackers Trigger DoS Attack via Memory Exhaustion
A critical security vulnerability has been discovered in Apache Traffic Server that allows remote attackers to trigger denial-of-service (DoS) attacks through memory exhaustion.
The vulnerability, tra …
Read more
Published Date:
Jun 19, 2025 (1 hour, 46 minutes ago)
Vulnerabilities has been mentioned in this article.
Cisco AnyConnect VPN Server Vulnerability Let Attackers Trigger DoS Attack
A critical security vulnerability affecting Cisco Meraki MX and Z Series devices could allow unauthenticated attackers to launch denial of service (DoS) attacks against AnyConnect VPN services.
The vu …
Read more
Published Date:
Jun 19, 2025 (1 hour, 20 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-20271
CVE ID : CVE-2025-5490
Published : June 19, 2025, 6:15 a.m. | 4 hours, 21 minutes ago
Description : The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4571
Published : June 19, 2025, 7:15 a.m. | 3 hours, 21 minutes ago
Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors’ data, modify campaign events, etc.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4965
Published : June 19, 2025, 7:15 a.m. | 3 hours, 21 minutes ago
Description : The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2016-3399
Published : June 19, 2025, 9:15 a.m. | 1 hour, 21 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31698
Published : June 19, 2025, 10:15 a.m. | 21 minutes ago
Description : ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.
Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol.
This issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10.
Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49763
Published : June 19, 2025, 10:15 a.m. | 21 minutes ago
Description : ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted.
Users can use a new setting for the plugin (–max-inclusion-depth) to limit it.
This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10.
Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5071
Published : June 19, 2025, 10:15 a.m. | 21 minutes ago
Description : The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘Meow_MWAI_Labs_MCP::can_access_mcp’ function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like ‘wp_create_user’, ‘wp_update_user’ and ‘wp_update_option’, which can be used for privilege escalation, and ‘wp_update_post’, ‘wp_delete_post’, ‘wp_update_comment’ and ‘wp_delete_comment’, which can be used to edit and delete posts and comments.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5234
Published : June 19, 2025, 10:15 a.m. | 21 minutes ago
Description : The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about the active exploitation of a critical Linux kernel vulnerability, officially listed as CVE-2023-0386.
The vulnerabilit …
Read more
Published Date:
Jun 18, 2025 (18 hours, 32 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-6029
CVE-2024-26809
CVE-2023-0386
CVE-2025-23121 Remote Code Execution in Veeam
📌 OverviewCVE-2025-23121 is a critical remote code execution (RCE) vulnerability identified in Veeam Backup & Replication (VBR) software. The flaw affects domain-joined backup servers and allows any a …
Read more
Published Date:
Jun 19, 2025 (5 hours, 31 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-24287
CVE-2025-24286
CVE-2025-23121
CVE-2025-26685
CVE-2025-2783
CVE-2024-29212
CVE-2025-20271: Cisco Meraki VPN Bug Exposes MX and Z Series Devices to Remote DoS Attacks
Cisco has disclosed a vulnerability in its Meraki MX and Z Series devices, affecting the Cisco AnyConnect VPN service and allowing unauthenticated remote attackers to trigger a denial-of-service (DoS) …
Read more
Published Date:
Jun 19, 2025 (4 hours, 49 minutes ago)
Vulnerabilities has been mentioned in this article.
WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover
Security researchers at Wordfence have uncovered a vulnerability in the popular AI Engine plugin for WordPress, which is installed on more than 100,000 websites. Tracked as CVE-2025-5071, this flaw en …
Read more
Published Date:
Jun 19, 2025 (4 hours, 41 minutes ago)
Vulnerabilities has been mentioned in this article.
Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution
Cisco’s ClamAV, one of the most widely used open-source antivirus engines, has released versions 1.4.3 and 1.0.9 to address two significant security vulnerabilities that could lead to denial-of-servic …
Read more
Published Date:
Jun 19, 2025 (4 hours, 30 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution
Two newly disclosed vulnerabilities in the Versa Director SD-WAN orchestration platform could allow authenticated attackers to execute remote code or escalate privileges by exploiting insecure file up …
Read more
Published Date:
Jun 19, 2025 (3 hours, 57 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-23172
CVE-2025-23171
CVE-2025-30353
CVE-2024-42450
CVE-2024-45229
CVE-2023-22651
Windows 11 Recall Adds Data Export for EU Users: Share Snapshots with Third Parties
Revamped “Start” Menu Interface
If your laptop is equipped with an NPU unit, you can take advantage of the newly introduced Recall feature in the latest version of Windows 11, which is powered by arti …
Read more
Published Date:
Jun 19, 2025 (3 hours, 33 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-1313
Intel Prepares Massive Layoffs: Up to 20% of Foundry Division Workforce Cut Starting July 2025
Since the autumn of 2024, Intel has been undergoing waves of layoffs, and the trend shows no signs of abating. According to the latest reports, the company is preparing for a significant round of job …
Read more
Published Date:
Jun 19, 2025 (3 hours, 27 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2022-21198
CVE ID : CVE-2025-5524
Published : June 19, 2025, 5:15 a.m. | 17 minutes ago
Description : The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-50182
Published : June 19, 2025, 2:15 a.m. | 2 hours, 52 minutes ago
Description : urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…