Security

CVE ID : CVE-2025-24333

Published : July 2, 2025, 9:15 a.m. | 27 minutes ago

Description : Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains an administrative shell input validation fault, which an authenticated admin user can, in theory, potentially use to inject arbitrary commands for execution by the unprivileged baseband OAM service process via special characters added to the baseband-internal COMA_config.xml file.

This issue has been corrected starting from release 24R1-SR 1.0 MP and later by adding proper input validation to the OAM service process, which prevents injecting special characters via the baseband-internal COMA_config.xml file.

Severity: 0.0 | NA


CVE ID : CVE-2025-24334

Published : July 2, 2025, 9:15 a.m. | 27 minutes ago

Description : The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network.

Severity: 0.0 | NA


CVE ID : CVE-2025-24335

Published : July 2, 2025, 9:15 a.m. | 27 minutes ago

Description : Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used to cause resource exhaustion in the Single RAN baseband OAM service.

No practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue.

Severity: 0.0 | NA


CVE ID : CVE-2025-27021

Published : July 2, 2025, 9:15 a.m. | 27 minutes ago

Description : The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low-privileged OS users to read/write physical memory via the devmem command-line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by tampering with kernel memory.

Details: The output of “sudo -l” reports the presence of the “devmem” command, executable as super user without using a password. This command allows reading and writing an arbitrary memory area of the target device by specifying an absolute address.

Severity: 7.0 | HIGH


CVE ID : CVE-2025-27022

Published : July 2, 2025, 9:15 a.m. | 27 minutes ago

Description : Path traversal in a WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests.

Details: Lack of or insufficient validation of user-supplied input allows authenticated users to access all files on the target machine's file system that are readable by the user account used to run the httpd service.

Severity: 7.5 | HIGH


CVSS 10 RCE in Wing FTP Server (CVE-2025-47812) Allows Full Server Takeover, PoC Releases

A critical remote code execution (RCE) vulnerability has been discovered in Wing FTP Server, a popular cross-platform file transfer solution, allowing unauthenticated attackers to fully compromise ser …

Published Date: Jul 02, 2025 (4 hours, 47 minutes ago)


Pilz IndustrialPI 4 Alert: Critical Flaws (CVE-2025-41656 CVSS 10.0 RCE, CVE-2025-41648 Auth Bypass) Expose Industrial PCs

Two critical vulnerabilities recently disclosed by CERT@VDE, in coordination with industrial automation company Pilz, highlight a sobering reality: even industry-grade systems meant to power factories …

Published Date: Jul 02, 2025 (3 hours, 42 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-41656

CVE-2025-41648

CVE-2025-3200

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

The Frappe Framework, a widely used full-stack application platform that powers ERPNext, has been found vulnerable to three security issues, potentially affecting thousands of self-hosted deployments. …

Published Date: Jul 02, 2025 (3 hours, 31 minutes ago)


Graylog Flaw (CVE-2025-53106, CVSS 8.8): Privilege Escalation Via API Token Abuse

A vulnerability was found in Graylog—a popular Security Information and Event Management (SIEM) solution. Tracked as CVE-2025-53106 and scoring 8.8 on the CVSS v4 scale, this critical flaw allows priv …

Published Date: Jul 02, 2025 (3 hours, 23 minutes ago)


Multiple DataEase Flaws: RCE & Bypass Vulnerabilities Threaten BI Platform via JDBC

DataEase, an open-source business intelligence (BI) platform known for its ease of use and data visualization capabilities, has been found to contain several critical vulnerabilities in its database c …

Published Date: Jul 02, 2025 (3 hours, 18 minutes ago)


ANSSI Exposes “Houken”: China-Linked Threat Actor Exploiting Ivanti CSA Zero-Days & Deploying Linux Rootkits

The French cybersecurity agency ANSSI has exposed a sophisticated threat actor dubbed Houken. First observed exploiting zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) devices in Sept …

Published Date: Jul 02, 2025 (1 hour, 34 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-9380

CVE-2024-8963

CVE-2024-8190

Chinese Student Jailed for Smishing: Operated Covert “SMS Blaster” in Car for Mass Phishing

A Chinese student has been sentenced to over a year in prison by Inner London Crown Court for orchestrating a mobile SMS-based phishing (smishing) campaign using a covert “SMS Blaster” system hidden i …

Published Date: Jul 02, 2025 (1 hour, 23 minutes ago)


CVE-2025-6463: Unauthenticated Arbitrary File Deletion in Forminator Plugin Exposes Over 600,000 WordPress Sites to Remote Takeover

A newly disclosed high-severity vulnerability in the popular Forminator plugin threatens the security of hundreds of thousands of WordPress websites. Tracked as CVE-2025-6463, this arbitrary file dele …

Published Date: Jul 02, 2025 (1 hour, 10 minutes ago)


A group of hackers gained remote access to a hydroelectric dam’s control systems in Norway and fully opened a drainage…

So, you think hacking is just about stealing information, extorting ransoms, or wiping out company data? The truth is, sometimes…