Security

CVE ID : CVE-2025-6566

Published : June 24, 2025, 1:15 p.m. | 1 hour, 23 minutes ago

Description : A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-27827

Published : June 24, 2025, 2:15 p.m. | 23 minutes ago

Description : A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could allow an attacker to access sensitive information, leading to unauthorized access to active chat rooms, reading chat data, and sending messages during an active chat session.

Severity: 0.0 | NA


CVE ID : CVE-2025-27828

Published : June 24, 2025, 2:15 p.m. | 23 minutes ago

Description : A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts with a limited impact on the confidentiality and the integrity.

Severity: 0.0 | NA


CVE ID : CVE-2025-5318

Published : June 24, 2025, 2:15 p.m. | 23 minutes ago

Description : A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affecting service behavior.

Severity: 5.4 | MEDIUM


CVE ID : CVE-2025-6032

Published : June 24, 2025, 2:15 p.m. | 23 minutes ago

Description : A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

Severity: 8.3 | HIGH


Inside the MSHTML Exploit: A SOC Analyst’s Walkthrough of CVE-2021-40444

June 2025 • by a SOC Analyst | Threat Hunting | Malware Analysis

⚠️ Introduction

In this post, we take you through a real-world malware investigation where four suspicious documents were suspected of le …

Published Date:
Jun 24, 2025 (3 hours, 10 minutes ago)


WinRAR Vulnerability Let Execute Arbitrary Code Using a Malicious File

Summary
1. A high-severity flaw (CVE-2025-6218) in WinRAR allows attackers to execute arbitrary code by exploiting how the software handles file paths within archives.
2. The vulnerability enables att …

Published Date:
Jun 24, 2025 (2 hours, 29 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-6218

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)

A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations.
The vulnerability has been pa …

Published Date:
Jun 24, 2025 (1 hour, 15 minutes ago)
