Security

CVE ID : CVE-2025-45988

Published : June 13, 2025, 12:15 p.m. | 1 hour, 26 minutes ago

Description : Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bs_SetCmd function.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46096

Published : June 13, 2025, 1:15 p.m. | 26 minutes ago

Description : Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component

Severity: 0.0 | NA


CVE ID : CVE-2025-46060

Published : June 13, 2025, 1:15 p.m. | 26 minutes ago

Description : Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component

Severity: 0.0 | NA


Swedish Prime Minister Ulf Kristersson says his country is under attack, after days of hard-hitting DDoS attacks against SVT Sweden’s…

Graphite Spyware Exploits Apple iOS Zero-Click Vulnerability to Attack Journalists

The advanced Graphite mercenary spyware, developed by Paragon, targets journalists through a sophisticated zero-click vulnerability in Apple’s iOS.
At least three European journalists have been confir …

Published Date: Jun 13, 2025 (3 hours, 45 minutes ago)

Vulnerabilities have been mentioned in this article.

PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers

A critical zero-day vulnerability in WebDAV implementations that enables remote code execution, with proof-of-concept exploit code now publicly available on GitHub.
The vulnerability, tracked as CVE-2 …

Published Date: Jun 13, 2025 (3 hours, 23 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-33053

US sounds alarm over ransomware attacks via SimpleHelp flaw

The US cyber agency CISA is sounding the alarm over a vulnerability in the SimpleHelp software that is being used in ransomware attacks, and is calling on organizations to take immediate action. …

Published Date: Jun 13, 2025 (2 hours, 33 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-57727

Ransomware Actors Exploit Unpatched SimpleHelp RMM to Compromise Billing Software Provider

Cybersecurity researchers have uncovered a sophisticated ransomware campaign targeting utility billing software providers through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Manageme …

Published Date: Jun 13, 2025 (2 hours ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-57727

Trend Micro reports critical RCE flaw in security platform Apex Central

Two critical vulnerabilities in Trend Micro's Apex Central security platform allow unauthenticated attackers to execute code remotely. Updates have been released to …

Published Date: Jun 13, 2025 (1 hour, 7 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE ID : CVE-2025-4227

Published : June 13, 2025, 6:15 a.m. | 3 hours, 49 minutes ago

Description : An improper access control vulnerability in the Endpoint Traffic Policy Enforcement (https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement) feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel.

An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.

Severity: 0.0 | NA


CVE ID : CVE-2025-4229

Published : June 13, 2025, 6:15 a.m. | 3 hours, 49 minutes ago

Description : An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Severity: 0.0 | NA


CVE ID : CVE-2024-38822

Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago

Description : Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.

Severity: 2.7 | LOW


CVE ID : CVE-2024-38825

Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago

Description : The salt.auth.pki module does not properly authenticate callers. The “password” field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.

Severity: 6.4 | MEDIUM


CVE ID : CVE-2025-22236

Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago

Description : Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).

Severity: 8.1 | HIGH
