
Live CVE Feed
Curated from global sources like ENISA EUVD and CVE Details
- CVE-2025-25012 - Kibana Open Redirect and SSRF Vulnerability
CVE ID: CVE-2025-25012
Published: June 25, 2025, 12:15 p.m. | 21 minutes ago
Description: URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.
Severity: 4.3 | MEDIUM
- CVE-2025-6603 - qCUDA qcow Integer Overflow Vulnerability
CVE ID: CVE-2025-6603
Published: June 25, 2025, 11:15 a.m. | 1 hour, 21 minutes ago
Description: A vulnerability was found in coldfunction qCUDA up to db0085400c2f2011eed46fbc04fdc0873141688e. It has been rated as problematic. Affected by this issue is the function qcow_make_empty of the file qCUDA/qcu-device/block/qcow.c. The manipulation of the argument s->l1_size leads to integer overflow. The attack needs to be approached locally. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 5.3 | MEDIUM
- CVE-2025-5927 - Everest Forms Pro WordPress Remote File Deletion Vulnerability
CVE ID: CVE-2025-5927
Published: June 25, 2025, 10:15 a.m. | 2 hours, 21 minutes ago
Description: The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability requires an admin to trigger the deletion via deletion of a form entry and cannot be carried out by the attacker alone.
Severity: 7.5 | HIGH
- CVE-2025-6613 - PHPGurukul Hospital Management System Cross-Site Scripting Vulnerability
CVE ID: CVE-2025-6613
Published: June 25, 2025, 10:15 a.m. | 2 hours, 21 minutes ago
Description: A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
- CVE-2025-41256 - Cyberduck and Mountain Duck TLS Certificate Pinning Weakness
CVE ID: CVE-2025-41256
Published: June 25, 2025, 10:15 a.m. | 2 hours, 21 minutes ago
Description: Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.
Severity: 7.4 | HIGH
- CVE-2025-41647 - Siemens PLC Designer Password Disclosure Vulnerability
CVE ID: CVE-2025-41647
Published: June 25, 2025, 10:15 a.m. | 2 hours, 21 minutes ago
Description: A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions.
Severity: 5.5 | MEDIUM
- CVE-2025-49797 - Brother Privilege Escalation Vulnerability
CVE ID: CVE-2025-49797
Published: June 25, 2025, 10:15 a.m. | 2 hours, 21 minutes ago
Description: Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity: 7.8 | HIGH
- CVE-2025-41255 - Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability
CVE ID: CVE-2025-41255
Published: June 25, 2025, 10:15 a.m. | 2 hours, 21 minutes ago
Description: Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.
Severity: 8.0 | HIGH
- CVE-2024-51984 - Apache Device Passcode Authentication Service Password Disclosure Vulnerability
CVE ID: CVE-2024-51984
Published: June 25, 2025, 8:15 a.m. | 4 hours, 21 minutes ago
Description: An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the existing credentials for that external service. In the case of an external LDAP or FTP service, this will disclose the plaintext password for that external service to the attacker.
Severity: 6.8 | MEDIUM
- CVE-2024-51981 - Apache SOAP SSRF/HTTP Request Smuggling
CVE ID: CVE-2024-51981
Published: June 25, 2025, 8:15 a.m. | 4 hours, 21 minutes ago
Description: An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CRLF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker cannot receive any data back from this connection.
Severity: 5.3 | MEDIUM
- June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs (June 25, 2025 at 10:37 am)
Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ...
Published Date: Jun 25, 2025 (2 hours, 1 minute ago)
Vulnerabilities mentioned in this article: CVE-2025-47953, CVE-2025-47172, CVE-2025-47167, CVE-2025-47164, CVE-2025-47162, CVE-2025-33073, CVE-2025-33071, CVE-2025-33070, CVE-2025-33053, CVE-2025-32710, CVE-2025-29828
- How Falcon Next-Gen SIEM Protects Enterprises from VMware vCenter Attacks (June 25, 2025 at 10:37 am)
Internet-facing assets are targeted for many reasons, such as to establish persistence, evade defensive capabilities, and access sensitive networks. According to the search engine Shodan, approximatel ...
Published Date: Jun 25, 2025 (2 hours, 1 minute ago)
Vulnerabilities mentioned in this article: CVE-2023-34048
- Linux CentOS Web Panel Vulnerability Let Attackers Execute Malicious Remote Code – PoC Released (June 25, 2025 at 9:54 am)
A critical security vulnerability in CentOS Web Panel (CWP) has been discovered that allows unauthenticated remote attackers to execute arbitrary commands on affected servers. The flaw, tracked as CVE ...
Published Date: Jun 25, 2025 (2 hours, 43 minutes ago)
- CISA Issued ICS Advisories Covering Current Vulnerabilities and Exploits (June 25, 2025 at 9:13 am)
CISA has issued eight Industrial Control Systems (ICS) advisories on June 24, 2025, highlighting significant security vulnerabilities across multiple vendors’ systems. The advisories, coded as ICSA-25 ...
Published Date: Jun 25, 2025 (3 hours, 25 minutes ago)
- NVIDIA Megatron LM Vulnerability Let Attackers Inject Malicious Code (June 25, 2025 at 8:49 am)
Critical security vulnerabilities in NVIDIA Megatron LM large language model framework that could allow attackers to inject malicious code and gain unauthorized system access. The company released eme ...
Published Date: Jun 25, 2025 (3 hours, 48 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-23265, CVE-2025-23264
- Adversarial AI Digest — June, 2025 (June 25, 2025 at 8:13 am)
A digest of AI security research, insights, reports, upcoming events, and tools & resources. Follow AI Security community on Twitter and LinkedIn group for additional ...
Published Date: Jun 25, 2025 (4 hours, 24 minutes ago)
- TeamViewer for Windows Vulnerability Let Attackers Delete Files Using SYSTEM Privileges (June 25, 2025 at 7:31 am)
A significant security vulnerability in the TeamViewer Remote Management solution for Windows that could allow attackers with local access to delete arbitrary files with SYSTEM privileges, potentially ...
Published Date: Jun 25, 2025 (5 hours, 7 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-36537
- Critical Kaleris Navis N4 Flaw (CVE-2025-2566, CVSS 9.8): Supply Chain Infrastructure at Risk! (June 25, 2025 at 7:15 am)
Two newly disclosed vulnerabilities in the Kaleris Navis N4 terminal operating system could allow attackers to remotely compromise container terminal infrastructure, according to a security advisory r ...
Published Date: Jun 25, 2025 (5 hours, 22 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-5087, CVE-2025-2566, CVE-2024-12378
- Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched (June 25, 2025 at 2:37 am)
Elastic has published a security advisory addressing two significant vulnerabilities in Kibana, the visualization and dashboarding layer for the Elastic Stack. One vulnerability, CVE-2025-2135, is par ...
Published Date: Jun 25, 2025 (10 hours ago)
- TeamViewer Remote Management Bug (CVE-2025-36537) Enables Privilege Escalation (June 25, 2025 at 2:14 am)
TeamViewer, a widely used remote access and management platform, has disclosed a new vulnerability that impacts its Remote Management features on Windows systems. Tracked as CVE-2025-36537, the flaw h ...
Published Date: Jun 25, 2025 (10 hours, 24 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-36537, CVE-2025-0065
- SonicWall Warns: Trojanized NetExtender VPN Client Stealing Credentials in Active Campaign (June 25, 2025 at 2:07 am)
SonicWall, in collaboration with Microsoft Threat Intelligence (MSTIC), has uncovered a sophisticated campaign that distributes a Trojanized version of SonicWall’s NetExtender VPN client, masquerading ...
Published Date: Jun 25, 2025 (10 hours, 31 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-36537, CVE-2024-40766
- Double Injection Risk in NVIDIA Megatron-LM: Code Execution Flaws Patched in v0.12.1 (June 25, 2025 at 1:53 am)
NVIDIA has released a security bulletin addressing two newly discovered vulnerabilities—CVE-2025-23264 and CVE-2025-23265—affecting Megatron-LM, its open-source large language model (LLM) framework de ...
Published Date: Jun 25, 2025 (10 hours, 44 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-23265, CVE-2025-23264, CVE-2024-0138
- Flaws Found in Hitachi Energy’s MicroSCADA X SYS600: CVEs Could Enable File Tampering, DoS, and MITM Attacks (June 25, 2025 at 1:47 am)
Hitachi Energy has released a cybersecurity advisory (8DBD000218) disclosing five newly discovered vulnerabilities affecting its MicroSCADA X SYS600 product, a widely deployed supervisory control and ...
Published Date: Jun 25, 2025 (10 hours, 51 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-39205, CVE-2025-39204, CVE-2025-39203, CVE-2025-39202, CVE-2025-39201
- Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks (June 25, 2025 at 12:32 am)
In its latest vulnerability disclosure, JPCERT/CC has sounded the alarm on multiple critical security flaws affecting a range of wireless LAN routers manufactured by ELECOM CO., LTD. The vulnerabiliti ...
Published Date: Jun 25, 2025 (12 hours, 6 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-48890, CVE-2025-43879, CVE-2025-43877, CVE-2025-41427, CVE-2025-36519, CVE-2024-45200
- Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases (June 25, 2025 at 12:17 am)
The Cyber Security Agency (CSA) of Singapore has issued an urgent security advisory highlighting multiple high-impact vulnerabilities affecting Advantech’s industrial automation products, ...
Published Date: Jun 25, 2025 (12 hours, 21 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-48470, CVE-2025-48469, CVE-2025-48468, CVE-2025-48467, CVE-2025-48466, CVE-2025-48463, CVE-2025-48462, CVE-2025-48461
- Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials (June 25, 2025 at 12:13 am)
The Wordfence Threat Intelligence Team has unveiled a powerful malware framework operating under the guise of a rogue WordPress plugin. This campaign, first identified during a site clean on May 16, 2 ...
Published Date: Jun 25, 2025 (12 hours, 25 minutes ago)
Vulnerabilities mentioned in this article: CVE-2022-31626
- Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack (June 24, 2025 at 9:01 pm)
Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cybe ...
Published Date: Jun 24, 2025 (15 hours, 37 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-5777, CVE-2023-4966
- Multiple vulnerabilities in Sitecore CMS | Kaspersky official blog (June 24, 2025 at 8:07 pm)
Researchers have uncovered three vulnerabilities in the popular content management system, Sitecore Experience Platform. CVE-2025-34509 involves a hard-coded password (consisting of just a single lett ...
Published Date: Jun 24, 2025 (16 hours, 31 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-6019, CVE-2025-34511, CVE-2025-34510, CVE-2025-34509, CVE-2025-33053
severity high
- CVE-2025-41255 - Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability
CVE ID: CVE-2025-41255
Published: June 25, 2025, 10:15 a.m. | 2 hours ago
Description: Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.
Severity: 8.0 | HIGH
- CVE-2024-51978 - Cisco Device Default Administrator Password Disclosure Vulnerability
CVE ID: CVE-2024-51978
Published: June 25, 2025, 8:15 a.m. | 4 hours ago
Description: An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request.
Severity: 9.8 | CRITICAL
- CVE-2025-36004 - IBM Facsimile Support for i Privilege Escalation Vulnerability
CVE ID: CVE-2025-36004
Published: June 25, 2025, 3:15 a.m. | 9 hours ago
Description: IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.
Severity: 8.8 | HIGH
- CVE-2025-52572 - Hikka Telegram Userbot Remote Code Execution and Account Takeover Vulnerability
CVE ID: CVE-2025-52572
Published: June 24, 2025, 9:15 p.m. | 15 hours ago
Description: Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web interface does have an authenticated session: due to insufficient warning in the authentication message, users were tempted to click "Allow" in the "Allow web application ops" menu. This gave an attacker access not only to remote code execution, but also to Telegram accounts of owners. Scenario number 2 is known to have been exploited in the wild. No known patches are available, but some workarounds are available. Use `--no-web` flag and do not start userbot without it; after authorizing in the web interface, close the port on the server and/or start the userbot with `--no-web` flag; and do not click "Allow" in your helper bot unless it is your explicit action that needs to be allowed.
Severity: 10.0 | CRITICAL
- CVE-2025-52571 - Hikka Telegram Unauthenticated Account Takeover and Server Compromise Vulnerability
CVE ID: CVE-2025-52571
Published: June 24, 2025, 8:15 p.m. | 16 hours ago
Description: Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to Telegram account of a victim, as well as full access to the server. The issue is patched in version 1.6.2. No known workarounds are available.
Severity: 9.6 | CRITICAL
- CVE-2024-37743 - KnowledgeGPT Arbitrary Code Execution Vulnerability
CVE ID: CVE-2024-37743
Published: June 24, 2025, 8:15 p.m. | 16 hours ago
Description: An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component.
Severity: 9.8 | CRITICAL
- CVE-2025-4378 - Ataturk University ATA-AOF Mobile Application Cleartext Transmission and Hard-coded Credentials Vulnerability
CVE ID: CVE-2025-4378
Published: June 24, 2025, 5:15 p.m. | 19 hours ago
Description: Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025.
Severity: 10.0 | CRITICAL
- CVE-2025-4383 - Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot Authentication Abuse Bypass
CVE ID: CVE-2025-4383
Published: June 24, 2025, 4:15 p.m. | 20 hours ago
Description: Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse, Authentication Bypass. This issue affects Wi-Fi Cloud Hotspot: before 30.05.2025.
Severity: 9.3 | CRITICAL
- CVE-2025-6568 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow
CVE ID: CVE-2025-6568
Published: June 24, 2025, 3:15 p.m. | 21 hours ago
Description: A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
- CVE-2025-32977 - Quest KACE Systems Management Appliance File Upload Vulnerability
CVE ID: CVE-2025-32977
Published: June 24, 2025, 3:15 p.m. | 21 hours ago
Description: Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity.
Severity: 9.6 | CRITICAL
NEWS Events
- Bioinspired Materials Can Take a Punch
Scientists develop new impact-resistant material based on the exoskeleton of the mantis shrimp.
- NIST Releases Extensive Video Update on Champlain Towers South Investigation
The update reviews the investigation’s history, shares preliminary findings and highlights potential impacts.
- NIST Names Shyam Sunder Associate Director for Laboratory Programs
In this role, Sunder will provide leadership and oversight to NIST’s laboratories, which provide vital measurement and research services that underpin technology innovation in the United States.
- NIST and Partners Use Quantum Mechanics to Make a Factory for Random Numbers
Broadcast as a free public service, the beacon can be used anywhere an independent source of random numbers would be useful, such as selecting jury candidates or assigning resources through a lottery.
- NIST Offers 19 Ways to Build Zero Trust Architectures
The examples use off-the-shelf commercial technologies, giving organizations valuable starting points.
- New NIST Standard Helps Deliver the Right Dosage of Cancer-Fighting Drugs
NIST is helping drug companies accurately measure the amount of radioactivity in their actinium-225 drugs.
- NIST Moonlight Data Will Help Satellites Get a More Accurate Look at Earth
Reliable measurements of the light from our planet can help industries from agriculture to meteorology to mining.
- New Atomic Fountain Clock Joins Elite Group That Keeps the World on Time
NIST scientists have published results establishing a new atomic clock, NIST-F4, as one of the world’s most accurate timekeepers.
- NIST Updates Critical Wildfire Evacuation and Sheltering Guidance
The ESCAPE report redefines how to save lives in the face of fast-moving wildfires.
- NIST’s Curved Neutron Beams Could Deliver Benefits Straight to Industry
In a physics first, a team including scientists from the National Institute of Standards and Technology (NIST) has created a way to make beams of neutrons travel in curves. These Airy beams (named for English scientist George Airy), which the team