CVE ID : CVE-2025-6545
Published : June 23, 2025, 7:15 p.m. | 1 hour, 47 minutes ago
Description : Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js.
This issue affects pbkdf2: from 3.0.10 through 3.1.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6518
Published : June 23, 2025, 7:15 p.m. | 1 hour, 47 minutes ago
Description : A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6547
Published : June 23, 2025, 7:15 p.m. | 1 hour, 47 minutes ago
Description : Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2:
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2828
Published : June 23, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52562
Published : June 23, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious locale and namespace parameters. This allows the attacker to include and execute arbitrary PHP files on the server. This issue has been patched in version 4.4.1. A temporary workaround involves implementing strict Web Application Firewall (WAF) rules to incoming requests targeting the vulnerable endpoints.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Canada says Salt Typhoon hacked telecom firm via Cisco flaw
The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored ‘Salt Typhoon’ hacking group is also targeting Canadian telecommunication firms, breaching a telecom provide …
Read more
Published Date:
Jun 23, 2025 (3 hours, 27 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2023-20198
Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls
Summary
1. CVE-2025-49825 allows attackers to remotely bypass Teleport’s authentication controls, affecting multiple versions of the secure access platform.
2. Teleport has issued security updates for …
Read more
Published Date:
Jun 23, 2025 (2 hours, 45 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-49825
CVE ID : CVE-2025-2172
Published : June 23, 2025, 2:15 p.m. | 4 hours, 9 minutes ago
Description : Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52542
Published : June 23, 2025, 2:15 p.m. | 4 hours, 9 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2023-47297
Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago
Description : A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2023-48978
Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago
Description : An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2023-47298
Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago
Description : An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46101
Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago
Description : SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in json_scorm.php file
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48700
Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago
Description : An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user’s session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52875
Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago
Description : In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52876
Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago
Description : In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52877
Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago
Description : In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52878
Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago
Description : In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52879
Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago
Description : In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52968
Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago
Description : xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…