Security

CVE ID : CVE-2025-6155

Published : June 17, 2025, 3:15 a.m. | 3 hours, 9 minutes ago

Description : A vulnerability was found in PHPGurukul Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /includes/login-hm.inc.php. The manipulation of the argument Username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-6156

Published : June 17, 2025, 3:15 a.m. | 3 hours, 9 minutes ago

Description : A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-ds.php. The manipulation of the argument testtype leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

CVE ID : CVE-2025-3493

Published : June 17, 2025, 4:15 a.m. | 2 hours, 9 minutes ago

Description : Rejected reason: This CVE ID has been rejected by its CNA as it was not a security issue.

Severity: 0.0 | NA

CVE ID : CVE-2025-3494

Published : June 17, 2025, 4:15 a.m. | 2 hours, 9 minutes ago

Description : Rejected reason: This CVE ID has been rejected by its CNA as it was not a security issue.

Severity: 0.0 | NA

CVE ID : CVE-2025-6158

Published : June 17, 2025, 4:15 a.m. | 2 hours, 9 minutes ago

Description : A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-6159

Published : June 17, 2025, 4:15 a.m. | 2 hours, 9 minutes ago

Description : A vulnerability classified as critical was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /allocate_room.php. The manipulation of the argument search_box leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-6161

Published : June 17, 2025, 5:15 a.m. | 1 hour, 9 minutes ago

Description : A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-6160

Published : June 17, 2025, 5:15 a.m. | 1 hour, 9 minutes ago

Description : A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_customer_create_order.php. The manipulation of the argument user_id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-6163

Published : June 17, 2025, 5:15 a.m. | 15 minutes ago

Description : A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-6162

Published : June 17, 2025, 5:15 a.m. | 1 hour, 9 minutes ago

Description : A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More

Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren’t. Attackers now know how to stay hidden by blending in, and that makes it har …

Published Date:
Jun 16, 2025 (14 hours, 56 minutes ago)

Keyless Entry Vulnerability (CVE-2025-6029) Threatens KIA Vehicles in Ecuador, Researcher Reports

A security flaw has been identified in the keyless entry systems (KES) used extensively in KIA vehicles across Ecuador, exposing thousands of cars to a severe risk of theft. This vulnerability, offici …

Published Date:
Jun 16, 2025 (13 hours, 37 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-6029

CVE-2024-20440

CVE-2024-20439

Langflow Under Attacks: CVE-2025-3248 Exploited to Deliver Stealthy Flodrix Botnet

Trend Micro has uncovered an active and sophisticated campaign exploiting a critical remote code execution (RCE) vulnerability in Langflow, a popular open-source framework for building AI applications …

Published Date:
Jun 16, 2025 (3 hours, 50 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-3248

Zyxel Firewalls Under Attack via Critical CVE-2023-28771

A sudden and coordinated wave of exploit attempts targeting a critical vulnerability in Zyxel firewalls has been detected. The attack centers around CVE-2023-28771, a high-severity remote code executi …

Published Date:
Jun 17, 2025 (2 hours, 16 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2023-33010

CVE-2023-33009

CVE-2023-28771

PoCGen: AI Tool Automates Exploit Generation for npm Vulnerabilities with LLMs

A tool named PoCGen is revolutionizing how the security community generates Proof-of-Concept (PoC) exploits for vulnerabilities in the npm ecosystem. Developed by researchers Deniz Simsek, Aryaz Eghba …

Published Date:
Jun 17, 2025 (2 hours, 13 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-57063

CVE-2023-28771

OneLogin AD Connector Flaw Exposes Credentials & Allows Account Impersonation

A recent investigation by SpecterOps has uncovered a chain of critical vulnerabilities in OneLogin’s Active Directory (AD) Connector service that enabled attackers to impersonate use …

Published Date:
Jun 17, 2025 (2 hours, 9 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2023-27584

CVE-2023-48238

CVE-2023-37266

Zero-Click to Root: CISA Flags Active Exploits in Apple iOS and TP-Link Routers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-risk vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing confirmed in-the-wild exploitation …

Published Date:
Jun 17, 2025 (2 hours, 9 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-43200

CVE-2023-33538

Apache Tomcat Patches 4 Flaws: DoS, Privilege Bypass, & Installer Risks Addressed

The Apache Software Foundation has disclosed four security vulnerabilities affecting multiple versions of Apache Tomcat, the widely used open-source Java servlet container. These flaws—ranging from de …

Published Date:
Jun 17, 2025 (2 hours, 6 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-49125

CVE-2025-49124

CVE-2025-48988

CVE-2025-48976

CVE-2025-24813

Two sslh Flaws Disclosed: Remote DoS Attacks Possible via Protocol Multiplexer

In June 2025, the SUSE Security Team disclosed critical vulnerabilities in sslh, a lightweight protocol multiplexer used to serve multiple services—such as SSH and HTTPS—on the same port. Though desig …

Published Date:
Jun 17, 2025 (1 hour, 54 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-49596

CVE-2025-46806

CVE-2025-46807

CVE-2025-46728

CVE-2024-12254

CVE-2022-45047

CVE-2025-49596: Critical RCE Vulnerability in MCP Inspector Exposes AI Developer Environments

A newly disclosed security flaw in the MCP Inspector, a tool designed to test and debug Machine Context Protocol (MCP) servers, could allow unauthenticated remote code execution (RCE) — potentially pu …

Published Date:
Jun 17, 2025 (1 hour, 50 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-49596