Security

CVE ID : CVE-2025-5521

Published : June 3, 2025, 7:15 p.m. | 15 minutes ago

Description : A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM


CVE ID : CVE-2025-5522

Published : June 3, 2025, 7:15 p.m. | 15 minutes ago

Description : A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Severity: 7.3 | HIGH


BitoPro Silent on $11.5M Hack: Investigator Uncovers Massive Crypto Theft

Cryptocurrency investigator @zachxbt, while analyzing on-chain transactions, uncovered a suspicious movement of funds linked to the Taiwanese cryptocurrency exchange BitoPro. Approximately $11.5 milli …
Published Date: Jun 03, 2025 (5 hours, 9 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-4428

CVE-2025-4427

CVE-2024-21762

CVE-2022-47945

New Linux Vulnerabilities

They’re interesting:
Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools …

Published Date: Jun 03, 2025 (3 hours, 57 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-5054

CVE-2025-4598

Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable

Up to a quarter of all cloud users are at risk of having their computing resources stolen and used to illicitly mine for cryptocurrency, after crims cooked up a campaign that targets publicly accessib …
Published Date: Jun 03, 2025 (3 hours, 41 minutes ago)

Vulnerabilities have been mentioned in this article.

Splunk Universal Forwarder on Windows Lets Non-Admin Users Access All Contents

A high-severity vulnerability was uncovered in Splunk Universal Forwarder for Windows that compromises directory access controls.
The flaw, designated CVE-2025-20298 with a CVSSv3.1 score of 8.0, affe …
Published Date: Jun 03, 2025 (2 hours, 44 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-20298

US reports active exploitation of vulnerabilities in Craft CMS

Attackers are actively exploiting two vulnerabilities in Craft CMS, a content management system for building websites, comparable to WordPress. This is reported by the Cybersecurity and Infrast …

Published Date: Jun 03, 2025 (2 hours, 40 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-35939

CVE-2025-32432

CVE-2024-58136

CVE-2024-56145

Android flaws can silently give malicious apps more permissions

Several vulnerabilities in Android make it possible for malicious apps to silently gain more permissions. Google has released updates to fix the problems. During the patch ro …

Published Date: Jun 03, 2025 (2 hours, 24 minutes ago)

Vulnerabilities have been mentioned in this article.

Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (

Full Disclosure
mailing list archives
Date: Fri, 30 May 2025 13:31 …

Published Date: Jun 03, 2025 (2 hours, 5 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2019-9978

CVE-2024-47081: Netrc credential leak in PSF requests library

Full Disclosure
mailing list archives
From: Juho Forsén via Fulldisclosure
Date: Sat, 31 May 2025 06:30:50 +0000
The PSF requests library (https://github.com/psf/reque …
Published Date: Jun 03, 2025 (2 hours, 4 minutes ago)

Vulnerabilities have been mentioned in this article.

Local information disclosure in apport and systemd-coredump

Full Disclosure
mailing list archives
From: Qualys Security Advisory via Fulldisclosure
Date: Thu, 29 May 2025 17:26:22 +0000
Qualys Security Advisory
Local informatio …
Published Date: Jun 03, 2025 (2 hours, 2 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-5054

CVE-2025-4598

CVE-2022-4415

CVE-2021-25684

CVE-2020-15702

CVE-2019-15790

CVE-2019-11483

CVE-2017-14180

CVE-2015-1325

CVE-2015-1318

CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0

Full Disclosure
mailing list archives
From: Sanjay Singh
Date: Fri, 30 May 2025 22:58:18 +0530
Hello Full Disclosure list,
I am sharing details of a newly assigned CVE affec …
Published Date: Jun 03, 2025 (2 hours, 1 minute ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-45542

CISA Adds Five New Vulnerabilities to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding five new vulnerabilities that pose a high risk to federal agencies an …
Published Date: Jun 03, 2025 (1 hour, 26 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-35939

CVE-2025-3935

CVE-2025-24054

CVE-2024-56145

CVE-2024-29988

CVE-2023-39780

CVE-2021-32030

CISA warns of ConnectWise ScreenConnect bug exploited in attacks

CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server.
The agency is warning that fo …
Published Date: Jun 03, 2025 (1 hour, 7 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-35939

CVE-2025-3935

CVE-2024-56145

CVE-2023-39780

CVE-2021-32030

Cyber Brief 25-06 – May 2025

Cyber Brief (May 2025)
June 3, 2025 – Version: 1
TLP:CLEAR
Executive summary
We analysed 328 open source reports for this Cyber Brief [1]. Relating to cyber policy and law enforcement, in Europe, seven EU Mem …

Published Date: Jun 03, 2025 (0 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-4664

CVE-2025-27007

CVE-2025-31324

CVE-2025-3248

CVE-2024-38475

CVE-2023-44221

CVE ID : CVE-2024-45655

Published : June 3, 2025, 3:15 p.m. | 17 minutes ago

Description : IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.

Severity: 5.5 | MEDIUM


CVE ID : CVE-2025-36564

Published : June 3, 2025, 3:15 p.m. | 17 minutes ago

Description : Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Severity: 7.8 | HIGH


CVE ID : CVE-2025-43923

Published : June 3, 2025, 3:15 p.m. | 17 minutes ago

Description : An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.

Severity: 0.0 | NA


CVE ID : CVE-2025-43924

Published : June 3, 2025, 3:15 p.m. | 17 minutes ago

Description : Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS.

Severity: 0.0 | NA


CVE ID : CVE-2025-43925

Published : June 3, 2025, 3:15 p.m. | 17 minutes ago

Description : An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.

Severity: 0.0 | NA
