{
"Source": "CVE FEED",
"Title": "CVE-2025-49181 - Apache Log Service Unauthenticated API Endpoint Information Disclosure and Configuration Modification Vulnerability",
"Content": "CVE ID : CVE-2025-49181
Published : June 12, 2025, 2:15 p.m. | 2 hours, 8 minutes ago
Description : Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET
requests to gather sensitive information. An attacker could also send HTTP POST requests to modify
the log filesโ root path as well as the TCP ports the service is running on, leading to a Denial of Service
attack.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-49181 - Apache Log Service Unauthenticated API Endpoint Information Disclosure and Configuration Modification Vulnerability",
"Content": "CVE ID : CVE-2025-49181
Published : June 12, 2025, 2:15 p.m. | 2 hours, 8 minutes ago
Description : Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET
requests to gather sensitive information. An attacker could also send HTTP POST requests to modify
the log filesโ root path as well as the TCP ports the service is running on, leading to a Denial of Service
attack.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-49182 - Citrix Application Credentials Disclosure",
"Content": "CVE ID : CVE-2025-49182
Published : June 12, 2025, 2:15 p.m. | 2 hours, 8 minutes ago
Description : Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-49182 - Citrix Application Credentials Disclosure",
"Content": "CVE ID : CVE-2025-49182
Published : June 12, 2025, 2:15 p.m. | 2 hours, 8 minutes ago
Description : Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-49183 - Apache HTTP Unencrypted Communication Vulnerability",
"Content": "CVE ID : CVE-2025-49183
Published : June 12, 2025, 2:15 p.m. | 2 hours, 8 minutes ago
Description : All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-49183 - Apache HTTP Unencrypted Communication Vulnerability",
"Content": "CVE ID : CVE-2025-49183
Published : June 12, 2025, 2:15 p.m. | 2 hours, 8 minutes ago
Description : All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-49184 - Apache Product Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-49184
Published : June 12, 2025, 2:15 p.m. | 2 hours, 8 minutes ago
Description : A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-49184 - Apache Product Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-49184
Published : June 12, 2025, 2:15 p.m. | 2 hours, 8 minutes ago
Description : A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5982 - GitLab EE IP Access Restriction Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-5982
Published : June 12, 2025, 5:15 p.m. | 1 hour, 9 minutes ago
Description : An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5982 - GitLab EE IP Access Restriction Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-5982
Published : June 12, 2025, 5:15 p.m. | 1 hour, 9 minutes ago
Description : An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-49080 - "Absolute Secure Access Server Denial of Service Vulnerability"",
"Content": "CVE ID : CVE-2025-49080
Published : June 12, 2025, 5:15 p.m. | 1 hour, 9 minutes ago
Description : There is a memory management vulnerability in Absolute
Secure Access server versions 9.0 to 13.54. Attackers with network access to
the server can cause a Denial of Service by sending a specially crafted
sequence of packets to the server. The attack complexity is low, there are no
attack requirements, privileges, or user interaction required. Loss of
availability is high; there is no impact on confidentiality or integrity.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-49080 - "Absolute Secure Access Server Denial of Service Vulnerability"",
"Content": "CVE ID : CVE-2025-49080
Published : June 12, 2025, 5:15 p.m. | 1 hour, 9 minutes ago
Description : There is a memory management vulnerability in Absolute
Secure Access server versions 9.0 to 13.54. Attackers with network access to
the server can cause a Denial of Service by sending a specially crafted
sequence of packets to the server. The attack complexity is low, there are no
attack requirements, privileges, or user interaction required. Loss of
availability is high; there is no impact on confidentiality or integrity.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-55567 - Insyde H2O UsbCoreDxe SMM Call Out Vulnerability",
"Content": "CVE ID : CVE-2024-55567
Published : June 12, 2025, 5:15 p.m. | 1 hour, 9 minutes ago
Description : Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-55567 - Insyde H2O UsbCoreDxe SMM Call Out Vulnerability",
"Content": "CVE ID : CVE-2024-55567
Published : June 12, 2025, 5:15 p.m. | 1 hour, 9 minutes ago
Description : Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-45256 - PrestaShop EuroInformation MoneticoPaiement SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2023-45256
Published : June 12, 2025, 5:15 p.m. | 1 hour, 9 minutes ago
Description : Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-45256 - PrestaShop EuroInformation MoneticoPaiement SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2023-45256
Published : June 12, 2025, 5:15 p.m. | 1 hour, 9 minutes ago
Description : Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-36573 - Dell Smart Dock Firmware Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-36573
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-36573 - Dell Smart Dock Firmware Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-36573
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46035 - Tenda AC6 Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-46035
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46035 - Tenda AC6 Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-46035
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-49467 - JEvents SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-49467
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-49467 - JEvents SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-49467
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-44905 - Go-Pg SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2024-44905
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-44905 - Go-Pg SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2024-44905
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-44906 - Uptrace PGDriver SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2024-44906
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-44906 - Uptrace PGDriver SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2024-44906
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-7562 - InstallShield Elevated Privilege Vulnerability",
"Content": "CVE ID : CVE-2024-7562
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-7562 - InstallShield Elevated Privilege Vulnerability",
"Content": "CVE ID : CVE-2024-7562
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-29744 - PostgreSQL pg-promise SQL Injection",
"Content": "CVE ID : CVE-2025-29744
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-29744 - PostgreSQL pg-promise SQL Injection",
"Content": "CVE ID : CVE-2025-29744
Published : June 12, 2025, 4:15 p.m. | 2 hours, 9 minutes ago
Description : pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5484 - SinoTrack Default Password Vulnerability (Weak Authentication)",
"Content": "CVE ID : CVE-2025-5484
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : A username and password are required to authenticate to the central
SinoTrack device management interface. The username for all devices is
an identifier printed on the receiver. The default password is
well-known and common to all devices. Modification of the default
password is not enforced during device setup. A malicious actor can
retrieve device identifiers with either physical access or by capturing
identifiers from pictures of the devices posted on publicly accessible
websites such as eBay.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5484 - SinoTrack Default Password Vulnerability (Weak Authentication)",
"Content": "CVE ID : CVE-2025-5484
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : A username and password are required to authenticate to the central
SinoTrack device management interface. The username for all devices is
an identifier printed on the receiver. The default password is
well-known and common to all devices. Modification of the default
password is not enforced during device setup. A malicious actor can
retrieve device identifiers with either physical access or by capturing
identifiers from pictures of the devices posted on publicly accessible
websites such as eBay.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5485 - Cisco Router Predictable Device Identifier",
"Content": "CVE ID : CVE-2025-5485
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : User names used to access the web management interface are limited to
the device identifier, which is a numerical identifier no more than 10
digits. A malicious actor can enumerate potential targets by
incrementing or decrementing from known identifiers or through
enumerating random digit sequences.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5485 - Cisco Router Predictable Device Identifier",
"Content": "CVE ID : CVE-2025-5485
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : User names used to access the web management interface are limited to
the device identifier, which is a numerical identifier no more than 10
digits. A malicious actor can enumerate potential targets by
incrementing or decrementing from known identifiers or through
enumerating random digit sequences.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6031 - Amazon Cloud Cam SSL Pinning Bypass",
"Content": "CVE ID : CVE-2025-6031
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.
When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.
We recommend customers discontinue usage of any remaining Amazon Cloud Cams.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6031 - Amazon Cloud Cam SSL Pinning Bypass",
"Content": "CVE ID : CVE-2025-6031
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.
When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.
We recommend customers discontinue usage of any remaining Amazon Cloud Cams.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-2745 - AVEVA PI Web API Cross-Site Scripting (XSS) Vulnerability",
"Content": "CVE ID : CVE-2025-2745
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023
SP1 and prior that, if exploited, could allow an authenticated attacker
(with privileges to create/update annotations or upload media files) to
persist arbitrary JavaScript code that will be executed by users who
were socially engineered to disable content security policy protections
while rendering annotation attachments from within a web browser.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-2745 - AVEVA PI Web API Cross-Site Scripting (XSS) Vulnerability",
"Content": "CVE ID : CVE-2025-2745
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023
SP1 and prior that, if exploited, could allow an authenticated attacker
(with privileges to create/update annotations or upload media files) to
persist arbitrary JavaScript code that will be executed by users who
were socially engineered to disable content security policy protections
while rendering annotation attachments from within a web browser.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-36539 - AVEVA PI Data Archive Denial of Service (DoS)",
"Content": "CVE ID : CVE-2025-36539
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : AVEVA PI Data Archive products
are vulnerable to an uncaught exception that, if exploited, could allow
an authenticated user to shut down certain necessary PI Data Archive
subsystems, resulting in a denial of service.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-36539 - AVEVA PI Data Archive Denial of Service (DoS)",
"Content": "CVE ID : CVE-2025-36539
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : AVEVA PI Data Archive products
are vulnerable to an uncaught exception that, if exploited, could allow
an authenticated user to shut down certain necessary PI Data Archive
subsystems, resulting in a denial of service.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-44019 - AVEVA PI Data Archive Denial of Service (DoS) Vulnerability",
"Content": "CVE ID : CVE-2025-44019
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if
exploited, could allow an authenticated user to shut down certain
necessary PI Data Archive subsystems, resulting in a denial of service.
Depending on the timing of the crash, data present in snapshots/write
cache may be lost.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-44019 - AVEVA PI Data Archive Denial of Service (DoS) Vulnerability",
"Content": "CVE ID : CVE-2025-44019
Published : June 12, 2025, 8:15 p.m. | 15 minutes ago
Description : AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if
exploited, could allow an authenticated user to shut down certain
necessary PI Data Archive subsystems, resulting in a denial of service.
Depending on the timing of the crash, data present in snapshots/write
cache may be lost.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น