CVE ID : CVE-2024-38823
Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago
Description : Salt’s request server is vulnerable to replay attacks when not using a TLS encrypted transport.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-22238
Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago
Description : Directory traversal attack in minion file cache creation. The master’s default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite ‘cache’ files outside of the cache directory.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-22239
Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago
Description : Arbitrary event injection on Salt Master. The master’s “_minion_event” method can be used by and authorized minion to send arbitrary events onto the master’s event bus.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-22240
Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago
Description : Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master’s process has permissions to.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-22241
Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago
Description : File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-22242
Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago
Description : Worker process denial of service through file read operation. .A vulnerability exists in the Master’s “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-22237
Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago
Description : An attacker with access to a minion key can exploit the ‘on demand’ pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-38824
Published : June 13, 2025, 8:15 a.m. | 1 hour, 49 minutes ago
Description : Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5923
Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago
Description : The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 4.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-39240
Published : June 13, 2025, 8:15 a.m. | 1 hour, 49 minutes ago
Description : Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6012
Published : June 13, 2025, 8:15 a.m. | 1 hour, 49 minutes ago
Description : The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46783
Published : June 13, 2025, 9:15 a.m. | 49 minutes ago
Description : Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is running by tampering with specific files used on the product.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-36506
Published : June 13, 2025, 9:15 a.m. | 49 minutes ago
Description : External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48825
Published : June 13, 2025, 9:15 a.m. | 49 minutes ago
Description : RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces
A significant surge in brute-force attacks is targeting Apache Tomcat Manager interfaces, according to a new report from GreyNoise. On June 5, 2025, analysts observed a large-scale campaign where atta …
Read more
Published Date:
Jun 13, 2025 (4 hours, 2 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-6031
CVE-2025-24813
CVE-2024-38286
Warning: Discontinued Amazon Cloud Cam Has Vulnerability (CVE-2025-6031), Exposing Your Network
A newly disclosed vulnerability in the now-discontinued Amazon Cloud Cam has raised serious concerns about the risks of continuing to use unsupported smart home devices. Tracked as CVE-2025-6031 and r …
Read more
Published Date:
Jun 13, 2025 (3 hours, 45 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-6031
Urgent CISA Alert: Ransomware Actors Exploiting SimpleHelp RMM Flaw (CVE-2024-57727)
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with its federal partners, has issued a high-priority alert (AA25-163A) detailing how ransomware actors have exploited unp …
Read more
Published Date:
Jun 13, 2025 (3 hours, 23 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-6031
CVE-2024-57727
CVE-2024-9404
CVE-2024-9404: Remote DoS Vulnerability Found in Moxa Industrial Switches
Moxa has issued a high-severity security advisory for a newly discovered vulnerability—CVE-2024-9404—that affects its widely deployed PT-G7728 and PT-G7828 industrial Ethernet switches. This flaw coul …
Read more
Published Date:
Jun 13, 2025 (3 hours, 9 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5491
CVE-2025-0676
CVE-2024-7695
CVE-2024-57727
CVE-2024-9404
CVE-2024-1086
CVE-2025-5491: Acer Control Center Bug Allows Remote Code Execution as NT AUTHORITYSYSTEM
Acer has released a critical security update addressing a newly disclosed local privilege escalation vulnerability in its ControlCenter utility that could allow remote, unauthenticated attackers to ex …
Read more
Published Date:
Jun 13, 2025 (2 hours, 53 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-5491
CVE-2024-9404
CVE-2022-4020
CVE ID : CVE-2025-30399
Published : June 13, 2025, 2:15 a.m. | 3 hours, 48 minutes ago
Description : Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…