Security

CVE ID : CVE-2025-49575

Published : June 12, 2025, 7:15 p.m. | 2 hours, 46 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49579

Published : June 12, 2025, 7:15 p.m. | 2 hours, 46 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-36539

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : AVEVA PI Data Archive products
are vulnerable to an uncaught exception that, if exploited, could allow
an authenticated user to shut down certain necessary PI Data Archive
subsystems, resulting in a denial of service.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2745

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023
SP1 and prior that, if exploited, could allow an authenticated attacker
(with privileges to create/update annotations or upload media files) to
persist arbitrary JavaScript code that will be executed by users who
were socially engineered to disable content security policy protections
while rendering annotation attachments from within a web browser.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48699

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4417

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : A cross-site scripting vulnerability exists in
AVEVA PI Connector for CygNet
Versions 1.6.14 and prior that, if exploited, could allow an
administrator miscreant with local access to the connector admin portal
to persist arbitrary JavaScript code that will be executed by other
users who visit affected pages.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44019

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if
exploited, could allow an authenticated user to shut down certain
necessary PI Data Archive subsystems, resulting in a denial of service.
Depending on the timing of the crash, data present in snapshots/write
cache may be lost.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4418

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : An improper validation of integrity check value vulnerability exists in

AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited,
could allow a miscreant with elevated privileges to modify PI Connector
for CygNet local data files (cache and buffers) in a way that causes the
connector service to become unresponsive.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5485

Published : June 12, 2025, 8:15 p.m. | 1 hour, 14 minutes ago

Description : User names used to access the web management interface are limited to
the device identifier, which is a numerical identifier no more than 10
digits. A malicious actor can enumerate potential targets by
incrementing or decrementing from known identifiers or through
enumerating random digit sequences.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5484

Published : June 12, 2025, 8:15 p.m. | 1 hour, 14 minutes ago

Description : A username and password are required to authenticate to the central
SinoTrack device management interface. The username for all devices is
an identifier printed on the receiver. The default password is
well-known and common to all devices. Modification of the default
password is not enforced during device setup. A malicious actor can
retrieve device identifiers with either physical access or by capturing
identifiers from pictures of the devices posted on publicly accessible
websites such as eBay.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6031

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.

When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.

We recommend customers discontinue usage of any remaining Amazon Cloud Cams.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-27689

Published : June 12, 2025, 9:15 p.m. | 46 minutes ago

Description : Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49589

Published : June 12, 2025, 9:15 p.m. | 46 minutes ago

Description : PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44091

Published : June 12, 2025, 9:15 p.m. | 46 minutes ago

Description : yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data

Cybersecurity firm Aim Labs has uncovered a serious new security problem, named EchoLeak, affecting Microsoft 365 (M365) Copilot, a popular AI assistant. This flaw is a zero-click vulnerability, meani …
Read more

Published Date:
Jun 12, 2025 (5 hours, 14 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2023-24955

CVE-2025-41234: Spring Framework Vulnerability Enables Reflected File Download Attacks

The Spring project has released a security advisory disclosing a vulnerability in the popular Spring Framework, which could allow attackers to launch Reflected File Download (RFD) attacks under certai …
Read more

Published Date:
Jun 12, 2025 (3 hours, 54 minutes ago)

Vulnerabilities has been mentioned in this article.

Multiple GitLab Vulnerabilities Allow Attackers to Achieve Complete Account Takeover

A series of critical security vulnerabilities across GitLab Community Edition (CE) and Enterprise Edition (EE) platforms that could enable attackers to achieve complete account takeover and compromise …
Read more

Published Date:
Jun 12, 2025 (3 hours, 40 minutes ago)

Vulnerabilities has been mentioned in this article.

Palo Alto Networks PAN-OS Vulnerability Enables Admin to Execute Root User Actions

A critical command injection vulnerability in Palo Alto Networks PAN-OS operating system enables authenticated administrative users to escalate privileges and execute commands as the root user.
Design …
Read more

Published Date:
Jun 12, 2025 (3 hours, 29 minutes ago)

Vulnerabilities has been mentioned in this article.

OpenPGP.js Vulnerability Let Attackers Spoof Message Signature Verification

A critical vulnerability in the widely-used OpenPGP.js library has been discovered that allows attackers to forge digital signatures and deceive users into believing malicious content was legitimately …
Read more

Published Date:
Jun 12, 2025 (3 hours, 25 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-47934

IPhones Europese journalisten via iOS zero click-lek besmet met spyware

De iPhones van in ieder geval twee Europese journalisten zijn via een zero-click kwetsbaarheid in iOS besmet geraakt met de Graphite-spyware van Paragon Solutions. Het bestaan van het beveiligingslek, …
Read more

Published Date:
Jun 12, 2025 (2 hours, 29 minutes ago)

Vulnerabilities has been mentioned in this article.