CVE ID : CVE-2025-52979
Published : June 24, 2025, 3:15 a.m. | 2 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE ID : CVE-2025-6552
Published : June 24, 2025, 3:15 a.m. | 2 hours, 1 minute ago
Description : A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument redirect_url leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
CVE ID : CVE-2025-52972
Published : June 24, 2025, 3:15 a.m. | 2 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE ID : CVE-2024-56731
Published : June 24, 2025, 4:15 a.m. | 1 hour ago
Description : Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it is still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration, allowing attackers to access and alter any user's code hosted on the same instance. This issue has been patched in version 0.13.3.
Severity: 10.0 | CRITICAL
CVE ID : CVE-2025-52975
Published : June 24, 2025, 3:15 a.m. | 2 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE ID : CVE-2025-52566
Published : June 24, 2025, 4:15 a.m. | 1 hour, 14 minutes ago
Description : llama.cpp provides inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036), resulting in unintended behavior in the size comparison for token copying. This allows carefully manipulated text input to overflow the heap of the llama.cpp inference engine during tokenization. This issue has been patched in version b5721.
Severity: 8.6 | HIGH
CVE ID : CVE-2025-47943
Published : June 24, 2025, 4:15 a.m. | 1 hour ago
Description : Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability in Gogs, which allows client-side JavaScript code execution. The vulnerability is caused by the use of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3.
Severity: 6.3 | MEDIUM
CVE ID : CVE-2025-52568
Published : June 24, 2025, 4:15 a.m. | 1 hour ago
Description : NeKernal is a free and open-source operating system stack. Prior to version 0.0.3, there are several memory safety issues that can lead to memory corruption, disk image corruption, denial of service, and potential code execution. These issues stem from unchecked memory operations, unsafe typecasting, and improper input validation. This issue has been patched in version 0.0.3.
Severity: 0.0 | NA
CVE ID : CVE-2025-52570
Published : June 24, 2025, 4:15 a.m. | 1 hour ago
Description : Letmein is an authenticating port knocker. Prior to version 10.2.1, the connection limiter is implemented incorrectly. It allows an arbitrary number of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.
Severity: 0.0 | NA
Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department
A stealthy, ongoing campaign to gain long-term access to networks bears all the markings of intrusions conducted by China’s ‘Typhoon’ crews and has infected at least 1,000 devices, primarily in the US …
Published Date: Jun 23, 2025 (3 hours, 7 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2017-17663
CVE-2015-1548
Wedding Invitation Scam: SpyMax RAT Targets Indian WhatsApp Users, Stealing OTPs & Banking Credentials
Researchers at K7 Labs have uncovered a highly targeted Android spyware campaign aimed at Indian mobile users, using a seemingly innocent “Wedding Invitation” APK file shared via WhatsApp. Behind the …
Published Date: Jun 24, 2025 (2 hours, 51 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-0039
CVE-2023-28936
North Korean Hackers Exploit GitHub and Dropbox in Targeted Spearphishing Attacks
A new report from EnkiWhiteHat has unveiled a sophisticated cyber espionage operation that leverages GitHub private repositories, Dropbox links, and the open-source XenoRAT malware in a campaign targe …
Published Date: Jun 24, 2025 (2 hours, 42 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-3393
CVE-2025-5777 – Critical Citrix NetScaler Vulnerability
CVE-2025-5777 is a critical out-of-bounds read vulnerability discovered in Citrix NetScaler ADC and NetScaler Gateway. This flaw allows unauthenticated remote attackers to access sensitive memory cont …
Published Date: Jun 24, 2025 (1 hour, 54 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-5777
CVE-2024-8535
CVE-2024-8534
CVE-2023-4966
No Patch, Full Exploit: CVSS 9.9 RCE & IDOR Flaws in InnoShop eCommerce Platform
Security researcher TheHiker disclosed three serious vulnerabilities in InnoShop, an open-source eCommerce system built on Laravel 12.
These issues—ranging from insecure direct object references (ID …
Published Date: Jun 24, 2025 (58 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-2172
CVE-2025-2171
CVE-2025-52922
CVE-2025-52921
CVE-2025-52920
CVE-2024-55661
From Bypass to Root: Mandiant Red Team Exploits CVE-2025-2171 and CVE-2025-2172 in Aviatrix Cloud Controller
Mandiant successfully breached a fully patched instance of the Aviatrix Controller—a central component in Software-Defined Networking (SDN) architectures—by chaining together multiple vulnerabilities …
Published Date: Jun 24, 2025 (48 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-52562
CVE-2025-2172
CVE-2025-2171
CVE-2024-50603
Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers!
A newly disclosed vulnerability in Convoy, a modern KVM server management panel built for hosting providers, has received the highest possible severity rating—CVSS 10.0—and could allow unauthenticated …
Published Date: Jun 24, 2025 (37 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-52562
CVE-2025-2172
CVE-2025-2171
CVE-2024-50386
Notepad++ Vulnerability Let Attacker Gains Complete System Control – PoC Released
A severe privilege escalation vulnerability has been discovered in Notepad++ version 8.8.1, potentially exposing millions of users worldwide to complete system compromise.
The flaw, designated CVE-202 …
Published Date: Jun 24, 2025 (28 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-49144
CVE-2023-47452
CVE-2023-6401
CVE ID : CVE-2025-49574
Published : June 23, 2025, 8:15 p.m. | 5 hours, 46 minutes ago
Description : Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. In versions prior to 3.24.0, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation. With the new semantic, data from one transaction can leak to the data from another transaction. From a Vert.x point of view, this new semantic clarifies the behavior. A significant amount of data is stored in the duplicated context, including request scope, security details, and metadata. Duplicating a duplicated context is rather rare and is only done in a few places. This issue has been patched in version 3.24.0.
Severity: 6.4 | MEDIUM
CVE ID : CVE-2025-23092
Published : June 23, 2025, 9:15 p.m. | 4 hours, 46 minutes ago
Description : Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an authenticated attacker with administrative privileges to conduct a path traversal attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to upload arbitrary files and execute unauthorized commands.
Severity: 0.0 | NA
CVE ID : CVE-2025-52558
Published : June 23, 2025, 9:15 p.m. | 4 hours, 46 minutes ago
Description : changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered, resulting in a cross-site scripting (XSS) vulnerability. This issue has been patched in version 0.50.4.
Severity: 0.0 | NA