Security

CVE ID : CVE-2025-6581

Published : June 24, 2025, 11:15 p.m. | 3 hours, 40 minutes ago

Description : A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-customer.php. The manipulation of the argument name/email/mobilenum/gender/details/dob/marriage_date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6582

Published : June 25, 2025, 12:15 a.m. | 2 hours, 40 minutes ago

Description : A vulnerability, which was classified as critical, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /edit-customer-detailed.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6583

Published : June 25, 2025, 12:15 a.m. | 2 hours, 40 minutes ago

Description : A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /view-appointment.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Wall Street Journal reports that Aflac is investigating a breach that may have exposed claims information, health details, Social…

Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage…

In episode 56 of The AI Fix, Anthropic and Apple have a bar fight, a woman describes her husband falling…

Iran-aligned hacktivists launched DDoS attacks against 15 U.S. organizations and 19 websites in the first 24 hours after the U.S.…

Threat actors are hijacking Google search results for popular AI platforms like ChatGPT and Luma AI to deliver malware, in…

The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their…

Multiple vulnerabilities in Sitecore CMS | Kaspersky official blog

Researchers have uncovered three vulnerabilities in the popular content management system, Sitecore Experience Platform.
CVE-2025-34509 involves a hard-coded password (consisting of just a single lett …
Read more

Published Date:
Jun 24, 2025 (2 hours, 50 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-6019

CVE-2025-34511

CVE-2025-34510

CVE-2025-34509

CVE-2025-33053

Don’t panic, but it’s only a matter of time before critical ‘CitrixBleed 2’ is under attack

Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cybe …
Read more

Published Date:
Jun 24, 2025 (1 hour, 56 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-5777

CVE-2023-4966

CVE ID : CVE-2025-2566

Published : June 24, 2025, 7:15 p.m. | 2 hours, 11 minutes ago

Description : Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5087

Published : June 24, 2025, 7:15 p.m. | 2 hours, 11 minutes ago

Description : Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive information, including plaintext credentials.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-37743

Published : June 24, 2025, 8:15 p.m. | 44 minutes ago

Description : An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-56917

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49853

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49851

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an Improper Authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49852

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a Server-Side Request Forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52571

Published : June 24, 2025, 8:15 p.m. | 44 minutes ago

Description : Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to Telegram account of a victim, as well as full access to the server. The issue is patched in version 1.6.2. No known workarounds are available.

Severity: 9.6 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52471

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficient validation of user-supplied data length in the packet receive function. Under certain conditions, this may lead to out-of-bounds memory access and may allow arbitrary memory write operations. On systems without a memory protection scheme, this behavior could potentially be used to achieve remote code execution (RCE) on the target device. In versions 5.4.2, 5.3.4, 5.2.6, and 5.1.6, ESP-NOW has added more comprehensive validation logic on user-supplied data length during packet reception to prevent integer underflow caused by negative value calculations. For ESP-IDF v5.3 and earlier, a workaround can be applied by validating that the `data_len` parameter received in the RX callback (registered via `esp_now_register_recv_cb()`) is a positive value before further processing. For ESP-IDF v5.4 and later, no application-level workaround is available. Users are advised to upgrade to a patched version of ESP-IDF to take advantage of the built-in mitigation.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…