Security

CitrixBleed 2 might be actively exploited (CVE-2025-5777)

While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for …

Published Date: Jun 30, 2025 (2 hours, 57 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-6543

CVE-2025-5777

CVE-2025-5349

CVE-2025-5439

CVE-2023-4966

Hackers Exploiting Critical Langflow Vulnerability to Deploy Flodrix Botnet and Take System Control

Langflow, the popular Python framework for rapid AI prototyping, is under siege after researchers disclosed CVE-2025-3248, a flaw in the /api/v1/validate/code endpoint that lets unauthenticated attack …

Published Date: Jun 30, 2025 (1 hour, 32 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-3248

CVE ID : CVE-2024-8419

Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago

Description : The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-41439

Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago

Description : A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product.

Severity: 6.1 | MEDIUM

CVE ID : CVE-2025-53416

Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

CVE ID : CVE-2025-6901

Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago

Description : A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/removeUser.php. The manipulation of the argument userid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-6902

Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago

Description : A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /php_action/editUser.php. The manipulation of the argument edituserName leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-40710

Published : June 30, 2025, 11:15 a.m. | 4 hours, 14 minutes ago

Description : Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Host header, can cause the VPN client to redirect or forward HTTP requests to servers other than those originally intended, leading to consequences such as open redirects or delivery of traffic to infrastructure controlled by an attacker. This does not imply a flaw in the target applications, but in how the VPN client internally handles outgoing headers and requests.

Severity: 0.0 | NA

CVE ID : CVE-2025-6903

Published : June 30, 2025, 11:15 a.m. | 4 hours, 14 minutes ago

Description : A vulnerability was found in code-projects Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-6904

Published : June 30, 2025, 11:15 a.m. | 4 hours, 14 minutes ago

Description : A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_cars.php. The manipulation of the argument car_name leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-4407

Published : June 30, 2025, 12:15 p.m. | 3 hours, 14 minutes ago

Description : Insufficient Session Expiration vulnerability in ABB Lite Panel Pro. This issue affects Lite Panel Pro: through 1.0.1.

Severity: 6.7 | MEDIUM

CVE ID : CVE-2025-6905

Published : June 30, 2025, 12:15 p.m. | 3 hours, 14 minutes ago

Description : A vulnerability, which was classified as critical, has been found in code-projects Car Rental System 1.0. This issue affects some unknown processing of the file /signup.php. The manipulation of the argument fname leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-6906

Published : June 30, 2025, 1:15 p.m. | 2 hours, 14 minutes ago

Description : A vulnerability classified as critical has been found in code-projects Car Rental System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument uname leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-6907

Published : June 30, 2025, 1:15 p.m. | 2 hours, 14 minutes ago

Description : A vulnerability classified as critical was found in code-projects Car Rental System 1.0. This vulnerability affects unknown code of the file /book_car.php. The manipulation of the argument fname leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-6908

Published : June 30, 2025, 1:15 p.m. | 2 hours, 14 minutes ago

Description : A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument sertitle leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

CVE ID : CVE-2025-6909

Published : June 30, 2025, 2:15 p.m. | 1 hour, 14 minutes ago

Description : A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-scdetails.php. The manipulation of the argument emeradd leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

CVE ID : CVE-2025-6910

Published : June 30, 2025, 2:15 p.m. | 1 hour, 14 minutes ago

Description : A vulnerability was found in PHPGurukul Student Record System 3.2. It has been classified as critical. This affects an unknown part of the file /session.php. The manipulation of the argument session leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

CVE-2025-49144: Notepad++ vulnerability allows full system compromise

Disclaimer: The information provided in this article is just for educational and informational purposes only. The intent behin …

Published Date: Jun 30, 2025 (3 hours, 46 minutes ago)

Vulnerabilities have been mentioned in this article.

Bluetooth Vulnerabilities Let Hackers Spy on Your Headphones and Earbuds

A major security flaw affecting millions of Bluetooth headphones and earbuds has been discovered, allowing attackers to remotely hijack devices and spy on users without requiring any authentication or …

Published Date: Jun 30, 2025 (1 hour, 4 minutes ago)

Vulnerabilities have been mentioned in this article.