CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

June 10, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below –

CVE-2025-32433 (CVSS score: 10.0) – A missing authentication for a critical

Source: Read More

Previous ArticleCVE-2025-40662 – DM Corporative CMS Absolute Path Disclosure

Next Article CVE-2025-40660 – DM Corporative CMS IDOR Vulnerability

Highlights

CVE-2024-5647 – WordPress Magnific Popups Stored Cross-Site Scripting Vulnerability

July 3, 2025

CVE ID : CVE-2024-5647

Published : July 3, 2025, 10:15 a.m. | 1 hour, 14 minutes ago

Description : Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was fixed in the upstream library (Magnific Popups version 1.2.0) by disabling the loading of HTML within certain fields by default.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Microsoft wants you to chat with its browser now – but can you trust this Copilot?

I tested the Dell XPS’ successor – here are the biggest upgrades (and what’s the same)

I’m a Linux pro – here are my top 5 command line backup tools for desktops and servers

Should you buy a refurbished iPad? I tried one from Back Market and here’s my verdict

elegantweb/sanitizer

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

Resume PHP

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

New Xbox games launching this week, from July 28 through August 3 — Grounded 2 arrives on Xbox Game Pass

TikTok’s owner forked Microsoft’s Visual Studio Code and concerns have been raised — reports suggest it’s resource heavy and never stops ‘phoning home’

CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

I found the best July 4th deals live now: Save on outdoor, tech, home and more

CVE-2025-49739 – Visual Studio Link Following Privilege Escalation Vulnerability

June 2025: All AI updates from the past month

You Can Now Use AI Agents to Generate Code in Microsoft Power Apps

CVE-2024-5647 – WordPress Magnific Popups Stored Cross-Site Scripting Vulnerability

CVE-2025-5446 – “Linksys Router Remote OS Command Injection Vulnerability”

CVE-2025-4819 – Y_Project RuoYi Remote Improper Authorization Vulnerability

CVE-2025-7489 – “PHPGurukul Vehicle Parking Management System SQL Injection Vulnerability”

CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

Related Posts