CVE ID : CVE-2025-5964
Published : June 15, 2025, 8:15 p.m. | 5 hours, 6 minutes ago
Description : A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6093
Published : June 15, 2025, 10:15 p.m. | 3 hours, 7 minutes ago
Description : A vulnerability classified as critical was found in uYanki board-stm32f103rc-berial up to 84daed541609cb7b46854cc6672a275d1007e295. This vulnerability affects the function heartrate1_i2c_hal_write of the file 7.Example/hal/i2c/max30100/Manual/demo2/2/heartrate1_hal.c. The manipulation of the argument num leads to stack-based buffer overflow. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6094
Published : June 15, 2025, 11:15 p.m. | 2 hours, 7 minutes ago
Description : A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6095
Published : June 15, 2025, 11:15 p.m. | 2 hours, 7 minutes ago
Description : A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6097
Published : June 16, 2025, 12:15 a.m. | 1 hour, 7 minutes ago
Description : A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6096
Published : June 16, 2025, 12:15 a.m. | 1 hour, 7 minutes ago
Description : A vulnerability has been found in codesiddhant Jasmin Ransomware up to 1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6098
Published : June 16, 2025, 1:15 a.m. | 14 minutes ago
Description : A vulnerability was found in UTT 进取 750W up to 5.0. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup…
Microsoft Defender for Identity Flaw (CVE-2025-26685) Allows Unauthenticated Privilege Escalation
Researchers at NetSPI detailed a spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI). This flaw, while not weaponizable in isolation, becomes dangerous when paired with ot …
Read more
Published Date:
Jun 15, 2025 (7 hours, 19 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-26685
The Anatomy of an RCE Attack : The Hacker’s Big Score
Real Attacks, Big Damage, and How to Stop ThemRCE is often dubbed the holy grail of hacking—because it grants attackers full control over a system remotely. Think of it as finding a hidden backdoor th …
Read more
Published Date:
Jun 15, 2025 (2 hours, 22 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2021-44228
Exposure Protocol: Information Disclosure in the Wild [Part 1]
When Servers Overshare: Sniping Apache Struts with a Simple String InjectionAuthor: Aditya BhattCategory: Web App Hacking | Recon | Info Disclosure | CVE Enumeration🔍 PrefaceWelcome to the first insta …
Read more
Published Date:
Jun 15, 2025 (2 hours, 20 minutes ago)
Vulnerabilities has been mentioned in this article.
Tenable Agent for Windows Vulnerability Let Attackers Login as Admin to Delete The System Files
Tenable, a prominent cybersecurity provider, has released version 10.8.5 of its Agent software to address three critical security vulnerabilities affecting Windows hosts running versions prior to 10.8 …
Read more
Published Date:
Jun 14, 2025 (4 hours, 35 minutes ago)
Vulnerabilities has been mentioned in this article.
Meta Invests $14.3 Billion in Scale AI, Recruits Founder Alexandr Wang for Superintelligence Lab
Recent reports revealed that Meta CEO Mark Zuckerberg has been actively recruiting top-tier experts with the ambitious goal of advancing the development of superintelligent AI. Simultaneously, it was …
Read more
Published Date:
Jun 14, 2025 (2 hours, 14 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-27842
CVE ID : CVE-2025-4187
Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago
Description : The UserPro – Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4592
Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago
Description : The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the ‘wpz-ai-images’ page. This makes it possible for unauthenticated attackers to update the plugin’s API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5589
Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago
Description : The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘status-classic-offline-text’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6040
Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago
Description : The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the ‘ef_settings_submenu’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4216
Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago
Description : The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘diot’ shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5336
Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago
Description : The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-no_number’ parameter in all versions up to, and including, 4.22 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6061
Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago
Description : The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘kkytv’ shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…