Security

ASUS Armoury Crate Vulnerability Let Attackers Escalate to System User on Windows Machine

A critical authorization bypass vulnerability in ASUS Armoury Crate enables attackers to gain system-level privileges on Windows machines through a sophisticated hard link manipulation technique.
The …

Published Date:
Jun 17, 2025 (2 hours, 13 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-3464

CVE ID : CVE-2025-3515

Published : June 17, 2025, 10:15 a.m. | 3 hours, 14 minutes ago

Description : The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin’s blacklist and upload .phar or other dangerous file types on the affected site’s server, which may make remote code execution possible on the servers that are configured to handle .phar files as executable PHP scripts, particularly in default Apache+mod_php configurations where the file extension is not strictly validated before being passed to the PHP interpreter.

Severity: 8.1 | HIGH

CVE ID : CVE-2025-6050

Published : June 17, 2025, 11:15 a.m. | 3 hours, 11 minutes ago

Description : Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the “displayable_links_js” function, which fails to properly sanitize blog post titles before including them in JSON responses served via “/admin/displayable_links.js”. An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the “/admin/displayable_links.js” endpoint, causing the malicious script to execute in their browser.

Severity: 0.0 | NA

CVE ID : CVE-2025-3880

Published : June 17, 2025, 12:15 p.m. | 2 hours, 11 minutes ago

Description : The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to change the email address for the account connection, and disconnect the plugin. Previously created content will still be displayed and functional if the account is disconnected.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-5291

Published : June 17, 2025, 12:15 p.m. | 2 hours, 11 minutes ago

Description : The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-5700

Published : June 17, 2025, 12:15 p.m. | 2 hours, 11 minutes ago

Description : The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-5777

Published : June 17, 2025, 1:15 p.m. | 1 hour, 11 minutes ago

Description : Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway

Severity: 0.0 | NA

CVE ID : CVE-2025-6020

Published : June 17, 2025, 1:15 p.m. | 1 hour, 11 minutes ago

Description : A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Severity: 7.8 | HIGH

Apache Tomcat Vulnerabilities Allow Authentication Bypass and DoS Attacks

Multiple critical security vulnerabilities affecting Apache Tomcat web servers, including two high-severity flaws enabling denial-of-service (DoS) attacks and one moderate-severity vulnerability allow …

Published Date:
Jun 17, 2025 (3 hours, 59 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-49125

CVE-2025-49124

CVE-2025-48988

CVE-2025-48976

US reports active exploitation of security vulnerability in TP-Link Wi-Fi routers

Attackers are actively exploiting a vulnerability in Wi-Fi routers from manufacturer TP-Link, the US cyber agency CISA warns. The security flaw lets a remote attacker syst …

Published Date:
Jun 17, 2025 (2 hours, 53 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2023-33538

Trend Micro Fortifies AI Security: Integrates NVIDIA Agentic AI Safety for End-to-End Protection

As the adoption of generative AI accelerates across industries, enterprises are simultaneously raising their expectations for the security and stability of AI systems. Trend Micro has announced its in …

Published Date:
Jun 17, 2025 (2 hours, 38 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-51503

CVE-2024-48904

Hackers Actively Exploiting Zyxel RCE Vulnerability Via UDP Port

A significant spike was observed in exploitation attempts targeting CVE-2023-28771, a critical remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders.
The coor …

Published Date:
Jun 17, 2025 (2 hours, 12 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2023-28771