Security

CVE ID : CVE-2025-48920

Published : June 13, 2025, 4:15 p.m. | 1 hour, 51 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal etracker allows Cross-Site Scripting (XSS). This issue affects etracker: from 0.0.0 before 3.1.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49580

Published : June 13, 2025, 4:15 p.m. | 1 hour, 51 minutes ago

Description : XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability is fixed in 17.1.0-rc-1, 16.10.4, and 16.4.7.

Severity: 0.0 | NA

CVE ID : CVE-2025-49581

Published : June 13, 2025, 4:15 p.m. | 1 hour, 51 minutes ago

Description : XWiki is a generic wiki platform. Any user with edit right on a page (could be the user’s profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter allows wiki syntax, its default value is executed with the rights of the author of the document where it is used. This can be exploited by overriding a macro like the children macro that is used in a page that has programming right like the page XWiki.ChildrenMacro and thus allows arbitrary script macros. This vulnerability has been patched in XWiki 16.4.7, 16.10.3 and 17.0.0 by executing wiki parameters with the rights of the wiki macro’s author when the parameter’s value is the default value.

Severity: 0.0 | NA

CVE ID : CVE-2025-6035

Published : June 13, 2025, 4:15 p.m. | 1 hour, 51 minutes ago

Description : A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP “Despeckle” plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.

Severity: 6.6 | MEDIUM

CVE ID : CVE-2025-6052

Published : June 13, 2025, 4:15 p.m. | 1 hour, 51 minutes ago

Description : A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Severity: 3.7 | LOW

CVE ID : CVE-2025-49582

Published : June 13, 2025, 5:15 p.m. | 51 minutes ago

Description : XWiki is a generic wiki platform. When editing content that contains “dangerous” macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are incomplete, allowing an attacker to hide malicious content. For most macros, the existing analyzers don’t consider non-lowercase parameters. Further, most macro parameters that can contain XWiki syntax like titles of information boxes weren’t analyzed at all. Similarly, the “source” parameters of the content and context macro weren’t analyzed even though they could contain arbitrary XWiki syntax. In the worst case, this could allow a malicious user to add malicious script macros including Groovy or Python macros to a page that are then executed after another user with programming rights edits the page, thus allowing remote code execution. The required rights analyzers have been made more robust and extended to cover those cases in XWiki 16.4.7, 16.10.3 and 17.0.0.

Severity: 0.0 | NA

CVE ID : CVE-2025-49583

Published : June 13, 2025, 5:15 p.m. | 51 minutes ago

Description : XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as while these templates allow Velocity code, the existing generic analyzer already warns admins before editing Velocity code. The main impact would thus be to send spam, e.g., with phishing links to other users or to hide notifications about other attacks. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful. This has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.

Severity: 0.0 | NA

Paragon Spyware used to Spy on European Journalists

Paragon is an Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of their product. Citizen Lab caught them spying on multiple European jou …

Published Date:
Jun 13, 2025 (3 hours, 54 minutes ago)

Vulnerabilities have been mentioned in this article.

Microsoft Defender Spoofing Vulnerability Allows Privilege Escalation and AD Access

A critical spoofing vulnerability in Microsoft Defender for Identity (MDI) allows unauthenticated attackers to escalate privileges and gain unauthorized access to Active Directory environments.
The vu …

Published Date:
Jun 13, 2025 (3 hours, 21 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-26685

PoC Exploit Released for Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

A proof-of-concept exploit has been published for CVE-2025-21420, a newly discovered elevation of privilege vulnerability affecting the Windows Disk Cleanup Tool (cleanmgr.exe).
The vulnerability allows attack …

Published Date:
Jun 13, 2025 (3 hours, 19 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-21420

HashiCorp Nomad Vulnerability Allows Privilege Escalation via ACL Policy Lookup Exploit

A significant security vulnerability in HashiCorp Nomad workload orchestrator that allows attackers to escalate privileges by exploiting the Access Control List (ACL) policy lookup mechanism.
The vuln …

Published Date:
Jun 13, 2025 (3 hours, 3 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-4922

PTZOptics and ValueHD cameras can be taken over via hard-coded password

Security cameras from the manufacturers ValueHD, PTZOptics, multiCAM Systems and SMTAV, which are used in critical sectors among others, contain multiple critical vulnerabilities through which the devices …

Published Date:
Jun 13, 2025 (2 hours, 44 minutes ago)

Vulnerabilities have been mentioned in this article.

iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)

A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite mercenary spyware, Citizen Lab r …

Published Date:
Jun 13, 2025 (2 hours, 5 minutes ago)

Vulnerabilities have been mentioned in this article.

Critical path traversal flaw gives access to VoIP platform Mitel MiCollab

A critical path traversal vulnerability in Mitel MiCollab can give attackers unauthorized access to the VoIP platform, the vendor warns. It has made a security update availab …

Published Date:
Jun 13, 2025 (1 hour, 9 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-41713

CVE ID : CVE-2025-29902

Published : June 13, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : Remote code execution that allows unauthorized users to execute arbitrary code on the server machine.

Severity: 10.0 | CRITICAL

CVE ID : CVE-2025-49468

Published : June 13, 2025, 10:15 a.m. | 3 hours, 26 minutes ago

Description : A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the id_module parameter.

Severity: 0.0 | NA

CVE ID : CVE-2025-45984

Published : June 13, 2025, 12:15 p.m. | 1 hour, 26 minutes ago

Description : Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain a command injection vulnerability via the routepwd parameter in the sub_45B238 function.

Severity: 0.0 | NA

CVE ID : CVE-2025-45985

Published : June 13, 2025, 12:15 p.m. | 1 hour, 26 minutes ago

Description : Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDHide function.

Severity: 0.0 | NA

CVE ID : CVE-2025-45986

Published : June 13, 2025, 12:15 p.m. | 1 hour, 26 minutes ago

Description : Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the mac parameter in the bs_SetMacBlack function.

Severity: 0.0 | NA

CVE ID : CVE-2025-45987

Published : June 13, 2025, 12:15 p.m. | 1 hour, 26 minutes ago

Description : Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bs_SetDNSInfo function.

Severity: 0.0 | NA
