Security

CVE ID : CVE-2025-50695

Published : June 24, 2025, 4:15 p.m. | 2 hours, 38 minutes ago

Description : PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-50699

Published : June 24, 2025, 4:15 p.m. | 2 hours, 38 minutes ago

Description : PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in odms/admin/view-user-queries.php.

Severity: 6.1 | MEDIUM

CVE ID : CVE-2025-6570

Published : June 24, 2025, 4:15 p.m. | 2 hours, 38 minutes ago

Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

CVE ID : CVE-2024-56918

Published : June 24, 2025, 5:15 p.m. | 1 hour, 38 minutes ago

Description : In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form.

Severity: 0.0 | NA

CVE ID : CVE-2025-4378

Published : June 24, 2025, 5:15 p.m. | 1 hour, 38 minutes ago

Description : Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025.

Severity: 10.0 | CRITICAL

CVE ID : CVE-2024-56916

Published : June 24, 2025, 6:15 p.m. | 38 minutes ago

Description : In Netbox Community 4.1.7, once authenticated, `Configuration History > Add` is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user-supplied HTML. An authenticated attacker can leverage this to add malicious JavaScript to any banner field. Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger.

Severity: 0.0 | NA

CVE ID : CVE-2025-23260

Published : June 24, 2025, 6:15 p.m. | 38 minutes ago

Description : NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.

Severity: 5.0 | MEDIUM

CVE ID : CVE-2025-49147

Published : June 24, 2025, 6:15 p.m. | 38 minutes ago

Description : Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it’s possible to retrieve information about the configured password requirements. The information available is limited but would perhaps give some additional detail useful for someone attempting to brute force derive a user’s password. This information was not exposed in Umbraco 7 or 8, nor in 14 or higher versions. The vulnerability is patched in versions 10.8.11 and 13.9.2.

Severity: 5.3 | MEDIUM

CVE ID : CVE-2025-53073

Published : June 24, 2025, 6:15 p.m. | 38 minutes ago

Description : In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project’s issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project’s team. A seven-digit issue ID must be known (it is not treated as a secret and might be mentioned publicly, or it could be predicted).

Severity: 4.2 | MEDIUM

Xiaomi’s Interoperability App Vulnerability Let Hackers Gain Unauthorized Access to the Victim’s Device

A severe security vulnerability has been discovered in Xiaomi’s interoperability application, potentially exposing millions of users to unauthorized device access.
The vulnerability, assigned CVE-2024 …

Published Date: Jun 24, 2025 (2 hours, 53 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-45347

OPPO Clone Phone Weak WiFi Hotspot Exposes Sensitive Data

A critical security vulnerability has been discovered in OPPO’s Clone Phone feature that could expose sensitive user data through inadequately secured WiFi hotspots.
The vulnerability, designated CVE- …

Published Date: Jun 24, 2025 (2 hours, 41 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-27387

Critical Convoy Vulnerability Let Attackers Execute Remote Code on Affected Servers

A critical security vulnerability has been discovered in Performave Convoy that allows unauthenticated remote attackers to execute arbitrary code on affected servers.
The vulnerability, identified as …

Published Date: Jun 24, 2025 (1 hour, 31 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-52562

CitrixBleed 2: Electric Boogaloo — CVE-2025-5777

Remember CitrixBleed, the vulnerability where a simple HTTP request would dump memory, revealing session tokens? CVE-2023-4966 It’s back like Kanye West …

Published Date: Jun 24, 2025 (30 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE ID : CVE-2025-2403

Published : June 24, 2025, 12:15 p.m. | 2 hours, 23 minutes ago

Description : A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series device that if exploited could potentially cause critical functions like LDCM (Line Distance Communication Module) to malfunction.

Severity: 7.5 | HIGH

CVE ID : CVE-2025-39203

Published : June 24, 2025, 12:15 p.m. | 2 hours, 23 minutes ago

Description : A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-39201

Published : June 24, 2025, 12:15 p.m. | 2 hours, 23 minutes ago

Description : A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.

Severity: 6.1 | MEDIUM

CVE ID : CVE-2025-39202

Published : June 24, 2025, 12:15 p.m. | 2 hours, 23 minutes ago

Description : A vulnerability exists in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-39204

Published : June 24, 2025, 12:15 p.m. | 2 hours, 23 minutes ago

Description : A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-39205

Published : June 24, 2025, 1:15 p.m. | 1 hour, 23 minutes ago

Description : A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-6426

Published : June 24, 2025, 1:15 p.m. | 1 hour, 23 minutes ago

Description : The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox

Severity: 0.0 | NA
