Security

Unpatched Wazuh servers targeted by Mirai botnets (CVE-2025-24016)

Two Mirai botnets are exploiting a critical remote code execution vulnerability (CVE-2025-24016) in the open-source Wazuh XDR/SIEM platform, Akamai researchers have warned.
What is Wazuh?
Wazuh is a p …
Read more

Published Date:
Jun 10, 2025 (3 hours, 25 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-49113

CVE-2025-24016

Meerdere botnets misbruiken kritiek lek in beveiligingsplatform Wazuh

Verschillende botnets maken actief misbruik van een kritieke kwetsbaarheid in Wazuh, een opensource-beveiligingsplatform voor het voorkomen en detecteren van dreigingen en incidentrespons. Dat laat in …
Read more

Published Date:
Jun 10, 2025 (1 hour, 52 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-24016

Critical Vulnerability in Lovable’s Security Policies Let Attackers Inject Malicious Code

A severe security vulnerability, designated as CVE-2025-48757, has been discovered in Lovable’s implementation of Row Level Security (RLS) policies, allowing attackers to bypass authentication control …
Read more

Published Date:
Jun 10, 2025 (1 hour, 40 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-48757

CVE ID : CVE-2025-2918

Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago

Description : The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43701

Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago

Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. 

This impacts OmniStudio: before version 254.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43700

Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago

Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. 

This impacts OmniStudio: before Spring 2025.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4774

Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago

Description : The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4577

Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago

Description : The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43698

Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago

Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects.
This impacts OmniStudio: before Spring 2025

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43697

Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago

Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data.
This impacts OmniStudio: before Spring 2025

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49509

Published : June 10, 2025, 1:15 p.m. | 32 minutes ago

Description : Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through 2.2.1.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43699

Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago

Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for OmniUICard objects. 

This impacts OmniStudio: before Spring 2025

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49511

Published : June 10, 2025, 1:15 p.m. | 32 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework allows Cross Site Request Forgery.This issue affects Civi Framework: from n/a through 2.1.6.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49510

Published : June 10, 2025, 1:15 p.m. | 32 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through 5.1.0.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40656

Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40654

Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40655

Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40658

Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40657

Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40659

Published : June 10, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…