Security

CVE ID : CVE-2025-53338

Published : June 27, 2025, 2:15 p.m. | 55 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1.

Severity: 7.1 | HIGH

CVE ID : CVE-2025-53339

Published : June 27, 2025, 2:15 p.m. | 55 minutes ago

Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in devnex Devnex Addons For Elementor allows PHP Local File Inclusion. This issue affects Devnex Addons For Elementor: from n/a through 1.0.9.

Severity: 7.5 | HIGH

CVE ID : CVE-2025-6768

Published : June 27, 2025, 2:15 p.m. | 55 minutes ago

Description : A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalServiceImpl.java. The manipulation of the argument hospitalName leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Severity: 6.3 | MEDIUM

Apple Overhauls EU App Store Policy: New Fees & Open External Purchases After €500M Fine

Apple was recently fined €500 million by the European Union for failing to comply with the Digital Markets Act. Although the fine has yet to be paid, the company has begun revising its developer polic …

Published Date:
Jun 27, 2025 (3 hours, 6 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-23222

CVE ID : CVE-2025-4587

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ab-testing-for-wp/ab-test-block’ block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the ‘id’ parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-5306

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778.

Severity: 0.0 | NA

CVE ID : CVE-2025-5936

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-5940

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The Osom Blocks – Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-6689

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-6688

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user’s identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.

Severity: 9.8 | CRITICAL

CVE ID : CVE-2025-6550

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_options’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2024-12827

Published : June 27, 2025, 9:15 a.m. | 44 minutes ago

Description : The DWT – Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user’s password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user’s passwords, including administrators, and leverage that to gain access to their account.

Severity: 9.8 | CRITICAL

CVE ID : CVE-2025-2940

Published : June 27, 2025, 9:15 a.m. | 1 hour, 54 minutes ago

Description : The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Severity: 7.2 | HIGH

CVE ID : CVE-2025-5398

Published : June 27, 2025, 10:15 a.m. | 54 minutes ago

Description : The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user data passed through the template. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

IBM has issued a security alert regarding a high-severity vulnerability—CVE-2025-36038—affecting WebSphere Application Server versions 8.5 and 9.0. With a CVSS base score of 9.0, this flaw could allow …

Published Date:
Jun 27, 2025 (3 hours, 57 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-36038

CVE-2022-34165

Cisco ISE Vulnerabilities June 2025

Cisco has disclosed three major security vulnerabilities in its Identity Services Engine (ISE) and ISE-PIC platforms. Two of them are critical remote code execution (RCE) flaws that can …

Published Date:
Jun 27, 2025 (2 hours, 57 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-20282

CVE-2025-20281

CVE-2025-20264

CVE-2025-49144

CVE-2024-20399