CVE ID : CVE-2025-24286
Published : June 19, 2025, 12:15 a.m. | 1 hour, 47 minutes ago
Description : A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-24288
Published : June 19, 2025, 12:15 a.m. | 44 minutes ago
Description : The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the internet, alongside a host of other services.
Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.
Workarounds or Mitigation:
Versa recommends the following security controls:
1) Change default passwords to complex passwords
2) Passwords must be complex with at least 8 characters that comprise of upper case, and lower case alphabets, as well as at at least one digit, and one special character
3) Passwords must be changed at least every 90 days
4) Password change history is checked to ensure that the at least the last 5 passwords must be used when changing password.
5) Review and audit logs for all authentication attempts to check for unauthorized/suspicious login attempts and enforce remediation steps.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-24291
Published : June 19, 2025, 12:15 a.m. | 1 hour, 47 minutes ago
Description : The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME type validation, allowing the upload of arbitrary file types. This flaw can be exploited to place a malicious file on disk.
Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.
There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-24287
Published : June 19, 2025, 12:15 a.m. | 1 hour, 47 minutes ago
Description : A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-50181
Published : June 19, 2025, 1:15 a.m. | 47 minutes ago
Description : urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called…
A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments…
In a dramatic raid at a hotel in central Pattaya this week, Thai police have unearthed a criminal gang that…
A GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and…
CVE ID : CVE-2025-26198
Published : June 18, 2025, 6:15 p.m. | 2 hours, 29 minutes ago
Description : CloudClassroom-PHP-Project v.1.0 is vulnerable to SQL Injection in loginlinkadmin.php, allowing unauthenticated attackers to bypass authentication and gain administrative access. The application fails to properly sanitize user inputs before constructing SQL queries, enabling an attacker to manipulate database queries via specially crafted payloads
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-29646
Published : June 18, 2025, 6:15 p.m. | 3 hours, 29 minutes ago
Description : An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and (teid = 0 or teid >= ogs_pfcp_pdr_teid_pool.size).
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6192
Published : June 18, 2025, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6191
Published : June 18, 2025, 7:15 p.m. | 2 hours, 29 minutes ago
Description : Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-26199
Published : June 18, 2025, 8:15 p.m. | 1 hour, 29 minutes ago
Description : An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code via the cleartext submission of passwords.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Linux-lek geeft aanvaller roottoegang: “organisaties moeten meteen patchen”
Onderzoekers hebbentwee nieuwe Linux-kwetsbaarheden ontdekt waardoor een niet-geprivilegeerde lokale gebruiker rootrechten kan krijgen. “Gegeven dat udisks overal aanwezig is en de eenvoud van de expl …
Read more
Published Date:
Jun 18, 2025 (4 hours, 20 minutes ago)
Vulnerabilities has been mentioned in this article.
Veeam patches third critical RCE bug in Backup & Replication in space of a year
Veeam Backup & Replication users are urged to apply the latest patches that fix another critical bug leading to remote code execution (RCE) on backup servers.
Tracked as CVE-2025-23121 with a CVSS v3 …
Read more
Published Date:
Jun 18, 2025 (3 hours, 22 minutes ago)
Vulnerabilities has been mentioned in this article.
CISA warns of attackers exploiting Linux flaw with PoC exploit
CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel’s OverlayFS subsystem that allows them to gain root privileges.
This local privilege e …
Read more
Published Date:
Jun 18, 2025 (3 hours, 1 minute ago)
Vulnerabilities has been mentioned in this article.
RapperBot Botnet Attack Peaks 50,000+ Attacks Targeting Network Edge Devices
The RapperBot botnet has reached unprecedented scale, with security researchers observing over 50,000 active bot infections targeting network edge devices across the globe.
This sophisticated malware …
Read more
Published Date:
Jun 18, 2025 (2 hours, 43 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2023-4473
CVE-2021-46229
CVE ID : CVE-2024-54172
Published : June 18, 2025, 5:15 p.m. | 1 hour, 2 minutes ago
Description : IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1349
Published : June 18, 2025, 5:15 p.m. | 1 hour, 2 minutes ago
Description : IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4
is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…