Security

CVE ID : CVE-2025-6695

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. The manipulation of the argument Insira a nova categoria leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6674

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS).This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6675

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6676

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS).This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6677

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6694

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Adicionar Unidade. The manipulation of the argument Insira a nova unidade leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6706

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server.
The crash is triggered on affected versions by issuing an aggregation framework operation using a specific combination of rarely-used aggregation pipeline expressions. This issue affects MongoDB Server v6.0 version prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is enabled.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6709

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5.

The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6707

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6710

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the server to crash which could occur pre-authorisation. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5.

The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to…

Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to…

Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July…

An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign…

SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment,…

CISA Warns of FortiOS Hard-Coded Credentials Vulnerability Exploited in Attacks

CISA has issued a critical warning regarding a Fortinet FortiOS vulnerability that poses significant risks to network security infrastructure.
On June 25, 2025, CISA added CVE-2019-6693 to its Known E …
Read more

Published Date:
Jun 26, 2025 (3 hours, 48 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2019-6693

Citrix waarschuwt voor misbruik van kritiek lek in NetScaler ADC en Gateway

Citrix waarschuwt organisaties voor actief misbruik van een kritieke kwetsbaarheid in NetScaler ADC en NetScaler Gateway. Het gaat om een buffer overflow die volgens Citrix tot “unintended control flo …
Read more

Published Date:
Jun 26, 2025 (3 hours, 40 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-6543

Cisco ISE-servers via kritieke kwetsbaarheden volledig over te nemen

Cisco waarschuwt voor twee kritieke kwetsbaarheden in de Identity Services Engine (ISE) waardoor aanvallers volledige controle kunnen krijgen over de server waarop de oplossing draait. De impact van b …
Read more

Published Date:
Jun 26, 2025 (2 hours, 32 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-20282

CVE-2025-20281

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

CISA has confirmed that a maximum severity vulnerability in AMI’s MegaRAC Baseboard Management Controller (BMC) software is now actively exploited in attacks.
The MegaRAC BMC firmware provides remote …
Read more

Published Date:
Jun 26, 2025 (2 hours, 28 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-54085

CVE-2023-34329

Surge in Attacks Targeting MOVEit Transfer Systems – 100+ Unique IPs Used by Attackers

Researchers observed a significant increase in malicious scanning activity targeting MOVEit Transfer systems observed with over 682 unique IP addresses participating in coordinated reconnaissance and …
Read more

Published Date:
Jun 26, 2025 (1 hour, 48 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2023-36934

CVE-2023-34362