Security

CVE ID : CVE-2025-4231

Published : June 13, 2025, 12:15 a.m. | 1 hour, 47 minutes ago

Description : A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.

The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.

Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4232

Published : June 13, 2025, 12:15 a.m. | 1 hour, 47 minutes ago

Description : An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model’s…

The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help…

Graphite spyware used in Apple iOS zero-click attacks on journalists

Forensic investigation has confirmed the use of Paragon’s Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe.
Researchers at Citizen …
Read more

Published Date:
Jun 12, 2025 (4 hours, 26 minutes ago)

Vulnerabilities has been mentioned in this article.

Trend Micro fixes critical vulnerabilities in multiple products

Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TM …
Read more

Published Date:
Jun 12, 2025 (2 hours, 37 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE ID : CVE-2025-43863

Published : June 12, 2025, 6:15 p.m. | 3 hours, 46 minutes ago

Description : vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43866

Published : June 12, 2025, 6:15 p.m. | 3 hours, 46 minutes ago

Description : vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49081

Published : June 12, 2025, 6:15 p.m. | 3 hours, 46 minutes ago

Description : There is an insufficient input validation vulnerability in the warehouse
component of Absolute Secure Access prior to server version 13.55. Attackers
with system administrator permissions can impair the availability of the Secure
Access administrative UI by writing invalid data to the warehouse over the
network. The attack complexity is low, there are no attack requirements,
privileges required are high, and there is no user interaction required. There
is no impact on confidentiality or integrity; the impact on availability is
high.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49576

Published : June 12, 2025, 7:15 p.m. | 2 hours, 46 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49577

Published : June 12, 2025, 7:15 p.m. | 2 hours, 46 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49578

Published : June 12, 2025, 7:15 p.m. | 2 hours, 46 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49575

Published : June 12, 2025, 7:15 p.m. | 2 hours, 46 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49579

Published : June 12, 2025, 7:15 p.m. | 2 hours, 46 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-36539

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : AVEVA PI Data Archive products
are vulnerable to an uncaught exception that, if exploited, could allow
an authenticated user to shut down certain necessary PI Data Archive
subsystems, resulting in a denial of service.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2745

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023
SP1 and prior that, if exploited, could allow an authenticated attacker
(with privileges to create/update annotations or upload media files) to
persist arbitrary JavaScript code that will be executed by users who
were socially engineered to disable content security policy protections
while rendering annotation attachments from within a web browser.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48699

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4417

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : A cross-site scripting vulnerability exists in
AVEVA PI Connector for CygNet
Versions 1.6.14 and prior that, if exploited, could allow an
administrator miscreant with local access to the connector admin portal
to persist arbitrary JavaScript code that will be executed by other
users who visit affected pages.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44019

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if
exploited, could allow an authenticated user to shut down certain
necessary PI Data Archive subsystems, resulting in a denial of service.
Depending on the timing of the crash, data present in snapshots/write
cache may be lost.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4418

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : An improper validation of integrity check value vulnerability exists in

AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited,
could allow a miscreant with elevated privileges to modify PI Connector
for CygNet local data files (cache and buffers) in a way that causes the
connector service to become unresponsive.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…