Security

CVE ID : CVE-2025-1793

Published : June 5, 2025, 5:15 a.m. | 1 hour, 59 minutes ago

Description : Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5636

Published : June 5, 2025, 5:15 a.m. | 1 hour, 42 minutes ago

Description : A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-5638

Published : June 5, 2025, 5:15 a.m. | 1 hour, 42 minutes ago

Description : A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-5637

Published : June 5, 2025, 5:15 a.m. | 1 hour, 42 minutes ago

Description : A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-3054

Published : June 5, 2025, 6:15 a.m. | 42 minutes ago

Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. Please note that this requires the ‘Private Message’ module to be enabled and the Business version of the PRO software to be in use.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-3055

Published : June 5, 2025, 6:15 a.m. | 59 minutes ago

Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 8.1 | HIGH


CVE ID : CVE-2025-5639

Published : June 5, 2025, 6:15 a.m. | 42 minutes ago

Description : A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-5683

Published : June 5, 2025, 6:15 a.m. | 42 minutes ago

Description : Loading a specifically crafted ICNS format image file in QImage triggers a crash. This issue affects Qt versions 6.3.0 through 6.5.9, 6.6.0 through 6.8.4, and 6.9.0. It is fixed in 6.5.10, 6.8.5 and 6.9.1.

Severity: 0.0 | NA


CVE ID : CVE-2025-5640

Published : June 5, 2025, 6:15 a.m. | 42 minutes ago

Description : A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Severity: 3.3 | LOW


The Bitter End: Unraveling Eight Years of Espionage Antics—Part One

June 04, 2025
Nick Attfield and Konstantin Klinger in collaboration with Threatray’s Abdallah Elshinbary and Jonas Wagner
This is a two-part blog series, detailing research undertaken in collaboration …

Published Date:
Jun 04, 2025 (12 hours, 54 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-43572

Play ransomware crims exploit SimpleHelp flaw in double-extortion schemes

Groups linked with the Play ransomware have exploited more than 900 organizations, the FBI said Wednesday, and have developed a number of new techniques in their double-extortion campaigns – including …

Published Date:
Jun 04, 2025 (3 hours, 52 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-57727

CVE-2022-41082

CVE-2022-41040

CVE-2020-12812

CVE-2018-13379

Multiple Stored XSS Vulnerabilities Discovered in VMware NSX — Patch Now

Broadcom has released important updates addressing three newly disclosed vulnerabilities in VMware NSX, all of which expose users to Stored Cross-Site Scripting (XSS) attacks. These flaws—tracked as C …

Published Date:
Jun 04, 2025 (3 hours, 46 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-22245

CVE-2025-22244

CVE-2025-22243

CVE-2025-22231

Critical ABB EIBPORT Flaw: Update Now to Prevent Building Automation Hijacks!

ABB has issued a Cyber Security Advisory addressing a critical session management vulnerability affecting its EIBPORT V3 products used in building automation systems. The flaw, tracked as CVE-2024-139 …

Published Date:
Jun 05, 2025 (3 hours, 31 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-13967

CVE-2024-51547

CVE-2024-56529

Critical Cisco ISE Cloud Vulnerability (CVSS 9.9) with PoC Exploit Threatens AWS, Azure, OCI

Cisco has patched a critical vulnerability (CVE-2025-20286, CVSS 9.9) that affects cloud-based deployments of its Identity Services Engine (ISE) across AWS, Microsoft Azure, and Oracle Cloud Infrastru …

Published Date:
Jun 05, 2025 (3 hours, 26 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-20286

CVE-2025-20125

CVE-2025-20124

CVE-2024-20469

CVE-2025-48947: Session Cookies at Risk in Auth0 Next.js SDK

A serious vulnerability has been uncovered in the widely-used Auth0 Next.js SDK—a library that helps developers implement authentication in their Next.js apps. Tracked as CVE-2025-48947 and rated CVSS …

Published Date:
Jun 05, 2025 (3 hours, 14 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-48947

CVE-2025-29927

CVE-2024-56332

CVE-2024-51479

CVE-2024-46982

Sophos Unmasks Sakura RAT: Hackers Hacking Hackers with Backdoored Malware!

In a recent deep dive, Sophos X-Ops uncovered a sophisticated campaign that’s not targeting enterprises or governments, but instead other hackers and game cheaters. And it all starts with a backdoored …

Published Date:
Jun 05, 2025 (3 hours, 3 minutes ago)

Vulnerabilities have been mentioned in this article.

Cisco Warns of High-Severity SSH Security Flaws in UCS IMC and NDFC Systems

Cisco has issued security advisories for two high-severity vulnerabilities—one in the Cisco Integrated Management Controller (IMC) and the other in the Nexus Dashboard Fabric Controller (NDFC)—both po …

Published Date:
Jun 05, 2025 (2 hours, 57 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-20261

CVE-2025-20163

CVE-2024-20536

CVE-2024-20432

CVE-2025-48951: Critical Deserialization Flaw in Auth0 PHP SDK Threatens Millions of Applications

A newly disclosed vulnerability in the Auth0 PHP SDK—a widely-used authentication toolkit with over 16 million downloads—poses a critical threat to web applications that rely on social and enterprise …

Published Date:
Jun 05, 2025 (2 hours ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-48947

CVE-2025-48951

CVE ID : CVE-2025-5621

Published : June 5, 2025, 12:15 a.m. | 3 hours, 23 minutes ago

Description : A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-5622

Published : June 5, 2025, 12:15 a.m. | 3 hours, 23 minutes ago

Description : A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 9.8 | CRITICAL
