Security

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)

For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053).
Also, Adobe Commerce and Magento Open Source users are urged to update quickl …

Published Date:
Jun 11, 2025 (2 hours, 47 minutes ago)

The following vulnerabilities are mentioned in this article:

CVE-2025-32717

CVE-2025-3052

CVE-2025-47167

CVE-2025-47164

CVE-2025-47162

CVE-2025-33073

CVE-2025-33071

CVE-2025-33070

CVE-2025-33053

CVE-2025-24016

HPE Aruba Network Vulnerability Exposes Sensitive Information to Hackers

A high-severity security vulnerability in Hewlett Packard Enterprise (HPE) Aruba Networking Private 5G Core platform that could allow unauthorized actors to access and download sensitive system files. …

Published Date:
Jun 11, 2025 (1 hour, 57 minutes ago)

The following vulnerabilities are mentioned in this article:

CVE-2025-37100

Salesforce Industry Cloud Hit by 20 Vulnerabilities Including 0days

A recent investigation by security research firm AppOmni has brought to light more than twenty security weaknesses within Salesforce’s Industry Cloud products. These findings, shared with Hackread.com …

Published Date:
Jun 11, 2025 (1 hour, 41 minutes ago)

The following vulnerabilities are mentioned in this article:

CVE-2025-43701

CVE-2025-43700

CVE-2025-43699

CVE-2025-43698

CVE-2025-43697

CVE-2022-43698

Microsoft fixes Windows Server auth issues caused by April updates

Microsoft has fixed a known issue causing authentication problems on Windows Server domain controllers after installing the April 2025 security updates.
Platforms affected by these problems include Wi …

Published Date:
Jun 11, 2025 (1 hour, 26 minutes ago)

The following vulnerabilities are mentioned in this article:

CVE-2025-26647

CVE ID : CVE-2025-33112

Published : June 10, 2025, 5:23 p.m. | 18 hours, 51 minutes ago

Description : IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47162

Published : June 10, 2025, 5:23 p.m. | 18 hours, 51 minutes ago

Description : Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Severity: 8.4 | HIGH


CVE ID : CVE-2025-47163

Published : June 10, 2025, 5:23 p.m. | 18 hours, 51 minutes ago

Description : Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-47166

Published : June 10, 2025, 5:23 p.m. | 18 hours, 51 minutes ago

Description : Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-47167

Published : June 10, 2025, 5:23 p.m. | 18 hours, 51 minutes ago

Description : Access of resource using incompatible type (‘type confusion’) in Microsoft Office allows an unauthorized attacker to execute code locally.

Severity: 8.4 | HIGH


CVE ID : CVE-2025-47172

Published : June 10, 2025, 5:23 p.m. | 18 hours, 51 minutes ago

Description : Improper neutralization of special elements used in an SQL command (‘SQL injection’) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-5969

Published : June 10, 2025, 5:25 p.m. | 18 hours, 49 minutes ago

Description : A vulnerability has been found in D-Link DIR-632 FW103B08 and classified as critical. Affected by this vulnerability is the function FUN_00425fd8 of the file /biurl_grou of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-5144

Published : June 11, 2025, 1:15 p.m. | 43 minutes ago

Description : The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM


CVE ID : CVE-2025-4315

Published : June 11, 2025, 10:15 a.m. | 1 hour, 59 minutes ago

Description : The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-26412

Published : June 11, 2025, 9:15 a.m. | 4 hours, 11 minutes ago

Description : The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.

Severity: 0.0 | NA


CVE ID : CVE-2025-3302

Published : June 11, 2025, 12:15 p.m. | 1 hour, 11 minutes ago

Description : The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.1.0.0.

Severity: 7.2 | HIGH
