Security

CVE ID : CVE-2025-4587

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ab-testing-for-wp/ab-test-block’ block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the ‘id’ parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5306

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5936

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5940

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The Osom Blocks – Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6689

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6688

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user’s identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6550

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_options’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-12827

Published : June 27, 2025, 9:15 a.m. | 44 minutes ago

Description : The DWT – Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user’s password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user’s passwords, including administrators, and leverage that to gain access to their account.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2940

Published : June 27, 2025, 9:15 a.m. | 1 hour, 54 minutes ago

Description : The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5398

Published : June 27, 2025, 10:15 a.m. | 54 minutes ago

Description : The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user data passed through the template. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

IBM has issued a security alert regarding a high-severity vulnerability—CVE-2025-36038—affecting WebSphere Application Server versions 8.5 and 9.0. With a CVSS base score of 9.0, this flaw could allow …
Read more

Published Date:
Jun 27, 2025 (3 hours, 57 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-36038

CVE-2022-34165

Cisco ISE Vulnerabilities June 2025

Skip to contentCisco has disclosed three major security vulnerabilities in its Identity Services Engine (ISE) and ISE-PIC platforms. Two of them are critical remote code execution (RCE) flaws that can …
Read more

Published Date:
Jun 27, 2025 (2 hours, 57 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-20282

CVE-2025-20281

CVE-2025-20264

CVE-2025-49144

CVE-2024-20399

APT-C-36 Hackers Attacking Government Institutions, Financial Organizations, and Critical Infrastructure

Since 2018, the advanced persistent threat group APT-C-36, commonly known as Blind Eagle, has emerged as a formidable cyber adversary targeting critical sectors across Latin America.
This sophisticate …
Read more

Published Date:
Jun 27, 2025 (1 hour, 5 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-43451

CVE ID : CVE-2025-47824

Published : June 27, 2025, 3:15 a.m. | 3 hours, 53 minutes ago

Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.

Severity: 2.0 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6750

Published : June 27, 2025, 3:15 a.m. | 3 hours, 53 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47823

Published : June 27, 2025, 3:15 a.m. | 3 hours, 53 minutes ago

Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.

Severity: 2.2 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47822

Published : June 27, 2025, 3:15 a.m. | 3 hours, 53 minutes ago

Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53157

Published : June 27, 2025, 4:15 a.m. | 2 hours, 53 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53158

Published : June 27, 2025, 4:15 a.m. | 2 hours, 53 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53159

Published : June 27, 2025, 4:15 a.m. | 2 hours, 53 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…