Security

CVE ID : CVE-2025-49868

Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago

Description : URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.6.0.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49871

Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brian Mutende Noptin allows Stored XSS. This issue affects Noptin: from n/a through 3.8.7.

Severity: 5.9 | MEDIUM

CVE ID : CVE-2025-49872

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : Missing Authorization vulnerability in WPExperts.io myCred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through 2.9.4.2.

Severity: 5.3 | MEDIUM

CVE ID : CVE-2025-49874

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : Missing Authorization vulnerability in tychesoftwares Arconix FAQ allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Arconix FAQ: from n/a through 1.9.6.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-49865

Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.0.1.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-49879

Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago

Description : Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in themezaa Litho allows Path Traversal. This issue affects Litho: from n/a through 3.0.

Severity: 8.6 | HIGH

CVE ID : CVE-2025-49877

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileGrid allows Server Side Request Forgery. This issue affects ProfileGrid: from n/a through 5.9.5.2.

Severity: 4.9 | MEDIUM

CVE ID : CVE-2025-49878

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.4.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-49880

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : Missing Authorization vulnerability in Emraan Cheema CubeWP Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP Forms: from n/a through 1.1.5.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-49881

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.5.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-49882

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Emraan Cheema CubeWP Framework allows DOM-Based XSS. This issue affects CubeWP Framework: from n/a through 1.1.23.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-49875

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.9.3.1.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-4754

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex.

This issue affects ash_authentication_phoenix until 2.10.0.

Severity: 0.0 | NA

CVE ID : CVE-2025-6196

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.

Severity: 5.5 | MEDIUM

CVE ID : CVE-2025-6199

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.

Severity: 3.3 | LOW

CVE ID : CVE-2025-45879

Published : June 17, 2025, 4:15 p.m. | 2 hours, 12 minutes ago

Description : A cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user’s browser via a crafted payload.

Severity: 0.0 | NA

CVE ID : CVE-2025-45878

Published : June 17, 2025, 5:15 p.m. | 1 hour, 12 minutes ago

Description : A cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user’s browser via a crafted payload.

Severity: 0.0 | NA

CVE ID : CVE-2025-45880

Published : June 17, 2025, 5:15 p.m. | 1 hour, 12 minutes ago

Description : A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user’s browser via a crafted payload.

Severity: 0.0 | NA

Google Chrome 0-Day Vulnerability Exploited by APT Hackers in the Wild

A sophisticated attack campaign exploiting a Google Chrome zero-day vulnerability tracked as CVE-2025-2783, marking yet another instance of advanced persistent threat (APT) groups leveraging previousl …

Published Date:
Jun 17, 2025 (3 hours, 44 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-2783

Critical sslh Vulnerabilities Let Hackers Trigger Remote DoS Attacks

Two critical vulnerabilities in sslh, a popular protocol demultiplexer that allows multiple services to share the same network port.
The flaws tracked as CVE-2025-46807 and CVE-2025-46806 could be exp …

Published Date:
Jun 17, 2025 (3 hours, 41 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-46806

CVE-2025-46807