Security

CVE ID : CVE-2025-6172

Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago

Description : Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation.

Severity: 0.0 | NA


Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

Five critical vulnerabilities—each scoring a CVSS of 9.8—have been disclosed in multiple models of Blink routers BL, exposing users to unauthorized command injection attacks through unauthenticated HT …

Published Date:
Jun 16, 2025 (5 hours, 32 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-45988

CVE-2025-45987

CVE-2025-45986

CVE-2025-45985

CVE-2025-45984

KIA Ecuador Keyless Entry Systems Vulnerability Exposes Thousands of Vehicles to Theft

A significant security vulnerability has been discovered in KIA vehicles sold in Ecuador, potentially affecting thousands of cars and exposing them to sophisticated theft techniques.
Independent hardw …

Published Date:
Jun 16, 2025 (3 hours, 58 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-6029

CVE ID : CVE-2025-6100

Published : June 16, 2025, 2:15 a.m. | 4 hours, 3 minutes ago

Description : A vulnerability was found in realguoshuai open-video-cms 1.0. It has been rated as critical. This issue affects some unknown processing of the file /v1/video/list. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-6101

Published : June 16, 2025, 3:15 a.m. | 3 hours, 3 minutes ago

Description : A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.

Severity: 5.5 | MEDIUM


CVE ID : CVE-2025-6103

Published : June 16, 2025, 3:15 a.m. | 1 hour, 14 minutes ago

Description : A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506. Affected by this issue is some unknown functionality of the file /billing/test_accesscodelogin.php. The manipulation of the argument Password leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-6102

Published : June 16, 2025, 3:15 a.m. | 1 hour, 14 minutes ago

Description : A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506. Affected by this vulnerability is an unknown functionality of the file /authentication/logout.php. The manipulation of the argument mac_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-6104

Published : June 16, 2025, 4:15 a.m. | 2 hours, 3 minutes ago

Description : A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506. This affects an unknown part of the file /billing/pms_check.php. The manipulation of the argument ipaddress leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-6106

Published : June 16, 2025, 5:15 a.m. | 1 hour, 3 minutes ago

Description : A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM


CVE ID : CVE-2025-6105

Published : June 16, 2025, 5:15 a.m. | 1 hour, 3 minutes ago

Description : A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM


CVE ID : CVE-2025-6107

Published : June 16, 2025, 5:15 a.m. | 1 hour, 3 minutes ago

Description : A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an attack is rather high. Exploitation is said to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.1 | LOW


Week in review: Microsoft fixes exploited zero-day, Mirai botnets target unpatched Wazuh servers

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)
For June 2025 Patch Tuesday, M …

Published Date:
Jun 15, 2025 (18 hours, 19 minutes ago)

Vulnerabilities have been mentioned in this article.

Over 46,000 Grafana instances exposed to account takeover bug

More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover.
The flaw is …

Published Date:
Jun 15, 2025 (12 hours, 12 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-4123

Dems demand audit of CVE program as Federal funding remains uncertain

Infosec In Brief A pair of Congressional Democrats have demanded a review of the Common Vulnerabilities and Exposures (CVE) program amid uncertainties about continued US government funding for the sch …

Published Date:
Jun 15, 2025 (4 hours, 18 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-42009

Privilege Escalation Flaw in IBM Backup Services Threatens IBM i Environments (CVE-2025-33108)

IBM has disclosed a high-severity vulnerability affecting its Backup, Recovery, and Media Services (BRMS) for IBM i systems, specifically versions 7.5 and 7.4. Identified as CVE-2025-33108, this flaw …

Published Date:
Jun 16, 2025 (1 hour, 54 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-33108

CVE-2025-6029 & CVE-2025-6030: Replay Attacks Expose Vulnerabilities in KIA and Autoeastern Smart Keyless Entry Systems

The vulnerable key fobs are available on the KIA Ecuador website | Image: Danilo Erazo
An independent hardware security researcher Danilo Erazo has unveiled two critical-severity vulnerabilities—CVE-2 …

Published Date:
Jun 16, 2025 (1 hour, 43 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-6030

CVE-2025-6029

CVE ID : CVE-2025-6099

Published : June 16, 2025, 1:15 a.m. | 1 hour, 4 minutes ago

Description : A vulnerability was found in szluyu99 gin-vue-blog up to 61dd11ccd296e8642a318ada3ef7b3f7776d2410. It has been declared as critical. This vulnerability affects unknown code of the file gin-blog-server/internal/manager.go of the component PATCH Request Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-1411

Published : June 15, 2025, 1:15 p.m. | 12 hours, 6 minutes ago

Description : IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges.

Severity: 7.8 | HIGH


CVE ID : CVE-2025-36041

Published : June 15, 2025, 1:15 p.m. | 12 hours, 6 minutes ago

Description : IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.

Severity: 4.7 | MEDIUM


CVE ID : CVE-2025-6089

Published : June 15, 2025, 1:15 p.m. | 12 hours, 6 minutes ago

Description : A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the argument ref leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM
