Security

CVE ID : CVE-2025-51381

Published : June 18, 2025, 5:15 a.m. | 1 hour, 14 minutes ago

Description : An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-4955

Published : June 18, 2025, 6:15 a.m. | 15 minutes ago

Description : The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.

Severity: 0.0 | NA


New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Cybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware.
“Attackers u …

Published Date:
Jun 17, 2025 (17 hours ago)

Vulnerabilities mentioned in this article:

CVE-2025-3248

Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

Vulnerability / Enterprise Software
Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated re …

Published Date:
Jun 17, 2025 (15 hours, 59 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2019-9875

CVE-2019-9874

WAGO Device Manager Vulnerabilities Expose Critical Industrial Infrastructure to Remote Exploits

German industrial automation manufacturer WAGO GmbH & Co. KG has released critical security updates for its WAGO Device Manager after researchers uncovered serious vulnerabilities that could allow una …

Published Date:
Jun 18, 2025 (2 hours, 24 minutes ago)


Chrome Update Alert: Two High-Severity Flaws (CVE-2025-6191, CVE-2025-6192) Patched

Google has rolled out an important security update for the Stable Channel of Chrome, bringing the version number to 137.0.7151.119/.120 for Windows and macOS, and 137.0.7151.119 for Linux. This update …

Published Date:
Jun 18, 2025 (2 hours, 16 minutes ago)


Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers

Veeam, a global leader in data protection and disaster recovery solutions, has issued a critical security update for its flagship product, Veeam Backup & Replication, patching three vulnerabilities—on …

Published Date:
Jun 18, 2025 (2 hours, 8 minutes ago)


CVE ID : CVE-2025-49149

Published : June 17, 2025, 11:15 p.m. | 1 hour, 32 minutes ago

Description : Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user browses these web pages. At time of posting, there is no known patched version.

Severity: 0.0 | NA


TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

Network Security / IoT Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulner …

Published Date:
Jun 17, 2025 (14 hours, 20 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2023-33538

CVE-2023-28771

Google’s Gerrit Code Platform Vulnerability Allows Hack of 18 Google Projects Including ChromiumOS

A critical supply chain vulnerability dubbed “GerriScary” (CVE-2025-1568) that could have allowed attackers to inject malicious code into at least 18 major Google projects, including ChromiumOS, Chrom …

Published Date:
Jun 17, 2025 (5 hours, 2 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-1568

CVE ID : CVE-2025-32412

Published : June 17, 2025, 9:15 p.m. | 1 hour, 16 minutes ago

Description : Fuji Electric Smart Editor is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.

Severity: 7.8 | HIGH


CVE ID : CVE-2025-30642

Published : June 17, 2025, 9:15 p.m. | 1 hour, 16 minutes ago

Description : A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity: 5.5 | MEDIUM


CVE ID : CVE-2025-30641

Published : June 17, 2025, 9:15 p.m. | 1 hour, 16 minutes ago

Description : A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity: 7.8 | HIGH


CVE ID : CVE-2025-30640

Published : June 17, 2025, 9:15 p.m. | 1 hour, 16 minutes ago

Description : A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity: 7.8 | HIGH


CVE ID : CVE-2025-41388

Published : June 17, 2025, 9:15 p.m. | 1 hour, 16 minutes ago

Description : Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

Severity: 7.8 | HIGH


CVE ID : CVE-2025-48443

Published : June 17, 2025, 9:15 p.m. | 1 hour, 16 minutes ago

Description : Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager.

Severity: 6.7 | MEDIUM
