Security

CISA Warns of iOS 0-Click Vulnerability Exploited in the Wild

CISA has added a critical iOS zero-click vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw has been actively exploited by sophisticated mercenary spyware in tar …

Published Date: Jun 17, 2025 (2 hours, 5 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-43200

CVE ID : CVE-2025-5209

Published : June 17, 2025, 6:15 a.m. | 4 hours, 10 minutes ago

Description : The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6164

Published : June 17, 2025, 6:15 a.m. | 2 hours, 44 minutes ago

Description : A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-6165

Published : June 17, 2025, 6:15 a.m. | 2 hours, 44 minutes ago

Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-6167

Published : June 17, 2025, 7:15 a.m. | 3 hours, 10 minutes ago

Description : A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommended to upgrade the affected component.

Severity: 5.5 | MEDIUM

CVE ID : CVE-2025-6166

Published : June 17, 2025, 6:15 a.m. | 4 hours, 10 minutes ago

Description : A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.

Severity: 3.5 | LOW

CVE ID : CVE-2025-6173

Published : June 17, 2025, 7:15 a.m. | 3 hours, 10 minutes ago

Description : A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the argument packItself leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this flaw but considers it a low-level issue due to admin privilege pre-requisites. Still, a fix is planned for a future release.

Severity: 4.7 | MEDIUM

CVE ID : CVE-2025-40674

Published : June 17, 2025, 9:15 a.m. | 1 hour, 10 minutes ago

Description : Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending the victim a malicious URL using the name of any parameter in /watch/en/about-us. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Severity: 0.0 | NA

Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign

In a major revelation, the Threat Intelligence Department of the Positive Technologies Expert Security Center (PT ESC) has attributed a sophisticated phishing and malware campaign to the APT group Tea …

Published Date: Jun 17, 2025 (5 hours, 47 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-2857

CVE-2025-2783

High-Severity Flaw Exposes ASUS Armoury Crate to Authentication Bypass

Gamers and PC enthusiasts relying on ASUS Armoury Crate to manage their high-performance systems are urged to update immediately following the discovery of a serious security vulnerability. Tracked as …

Published Date: Jun 17, 2025 (5 hours, 45 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-3464

CVE-2025-2492

CVE-2025-2783

CVE-2024-54085

CVE-2024-13062

CVE-2024-12912

CVE-2023-5716

Hackers Actively Exploiting Langflow RCE Vulnerability to Deploy Flodrix Botnet

Security researchers have uncovered an active cyberattack campaign targeting Langflow servers through CVE-2025-3248, a critical remote code execution vulnerability that allows threat actors to deploy …

Published Date: Jun 17, 2025 (4 hours, 13 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-3248

Windows Hello Update: Microsoft Disables Facial Recognition in the Dark Due to Security Flaw

Facial recognition technology is increasingly prevalent across a variety of scenarios; however, cases of identity fraud continue to surface, highlighting that even facial recognition is not infallible …

Published Date: Jun 17, 2025 (4 hours, 12 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-26644

CISA Adds Apple and TP-Link Vulnerabilities to KEV Catalog

On June 16, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) Catalog by adding two high-risk vulnerabilities — one affecting Apple d …

Published Date: Jun 17, 2025 (3 hours, 34 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-43200

CVE-2025-26685

CVE-2025-21298

CVE-2023-33538

CVE ID : CVE-2025-49823

Published : June 17, 2025, 3:15 a.m. | 3 hours, 9 minutes ago

Description : (conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code. Although the script runs with user privileges (not root), an attacker could exploit this by injecting arbitrary commands through a malicious path during installation. Exploitation requires explicit user action. This issue has been patched in version 3.11.3.

Severity: 0.0 | LOW

CVE ID : CVE-2024-45069

Published : June 17, 2025, 3:15 a.m. | 3 hours, 9 minutes ago

Description : Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.

Severity: 0.0 | NA

CVE ID : CVE-2025-52438

Published : June 17, 2025, 3:15 a.m. | 3 hours, 9 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA