Security

CVE ID : CVE-2025-6065

Published : June 14, 2025, 9:15 a.m. | 1 hour ago

Description : The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ‘delete’ task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 9.1 | CRITICAL


CVE ID : CVE-2025-3234

Published : June 14, 2025, 6:15 a.m. | 2 hours, 17 minutes ago

Description : The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. Administrators have the ability to extend file manager usage privileges to lower-level users including subscribers, which would make this vulnerability more severe on such sites.

Severity: 7.2 | HIGH


CVE ID : CVE-2025-5487

Published : June 14, 2025, 7:15 a.m. | 1 hour, 17 minutes ago

Description : The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the field_conditions parameter in all versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Administrators can configure the plugin to allow access to this functionality to authors and higher.

Severity: 7.2 | HIGH


Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to com …

Published Date: Jun 13, 2025 (19 hours, 13 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-57728

CVE-2024-57727

CVE-2024-57726

Grafana Alert: Medium-Severity Flaw (CVE-2025-3415) Exposes DingDing API Keys

Grafana Labs has released a round of security patches to address CVE-2025-3415, a medium-severity vulnerability (CVSS 4.3) that could expose sensitive configuration data in Grafana Alerting, specifica …

Published Date: Jun 14, 2025 (4 hours, 31 minutes ago)


Windows SMB Flaw (CVE-2025-33073): SYSTEM Privilege Escalation via Kerberos, PoC Available

A newly disclosed security vulnerability in the Windows SMB client, tracked as CVE-2025-33073, has raised significant concerns due to its potential to allow elevation of privilege to S …

Published Date: Jun 14, 2025 (4 hours, 17 minutes ago)


CVE ID : CVE-2025-50142

Published : June 14, 2025, 3:15 a.m. | 2 hours, 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA


CVE ID : CVE-2025-50144

Published : June 14, 2025, 3:15 a.m. | 2 hours, 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA


CVE ID : CVE-2025-50145

Published : June 14, 2025, 3:15 a.m. | 2 hours, 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA


CVE ID : CVE-2025-50146

Published : June 14, 2025, 3:15 a.m. | 2 hours, 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA


CVE ID : CVE-2025-50147

Published : June 14, 2025, 3:15 a.m. | 2 hours, 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA


CVE ID : CVE-2025-50148

Published : June 14, 2025, 3:15 a.m. | 2 hours, 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA


CVE ID : CVE-2025-50149

Published : June 14, 2025, 3:15 a.m. | 2 hours, 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA


CVE ID : CVE-2025-50150

Published : June 14, 2025, 3:15 a.m. | 2 hours, 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA


CVE ID : CVE-2025-6059

Published : June 14, 2025, 3:15 a.m. | 2 hours, 23 minutes ago

Description : The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the ‘OnAdminApi_CacheOpBegin’ function. This makes it possible for unauthenticated attackers to perform several administrative actions, including deleting the cache, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM


Mitel OpenScape Flaw (CVE-2025-23092): High-Severity Path Traversal Allows Admin RCE

A newly disclosed vulnerability in Mitel’s OpenScape Accounting Management platform has been assigned CVE-2025-23092 and rated High severity (CVSS 7.2). This path traversal vulnerability allows attack …

Published Date: Jun 14, 2025 (2 hours, 3 minutes ago)


Ransomware or Espionage? Fog Ransomware Attack in Asia Raises Suspicion with Rare Toolset

In May 2025, a financial institution in Asia was targeted in a highly anomalous ransomware attack that may blur the lines between conventional cybercrime and espionage. According to a new report from …

Published Date: Jun 14, 2025 (1 hour, 57 minutes ago)


CVE ID : CVE-2025-24919

Published : June 13, 2025, 10:15 p.m. | 3 hours, 14 minutes ago

Description : A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability.

Severity: 8.1 | HIGH


CVE ID : CVE-2025-25215

Published : June 13, 2025, 10:15 p.m. | 3 hours, 14 minutes ago

Description : An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability.

Severity: 8.8 | HIGH
