{
"Source": "CVE FEED",
"Title": "CVE-2025-49081 - There is an insufficient input validation vulnerab",
"Content": "CVE ID : CVE-2025-49081
Published : June 12, 2025, 6:15 p.m. | 2 hours, 15 minutes ago
Description : There is an insufficient input validation vulnerability in the warehouse
component of Absolute Secure Access prior to server version 13.55. Attackers
with system administrator permissions can impair the availability of the Secure
Access administrative UI by writing invalid data to the warehouse over the
network. The attack complexity is low, there are no attack requirements,
privileges required are high, and there is no user interaction required. There
is no impact on confidentiality or integrity; the impact on availability is
high.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-49081 - There is an insufficient input validation vulnerab",
"Content": "CVE ID : CVE-2025-49081
Published : June 12, 2025, 6:15 p.m. | 2 hours, 15 minutes ago
Description : There is an insufficient input validation vulnerability in the warehouse
component of Absolute Secure Access prior to server version 13.55. Attackers
with system administrator permissions can impair the availability of the Secure
Access administrative UI by writing invalid data to the warehouse over the
network. The attack complexity is low, there are no attack requirements,
privileges required are high, and there is no user interaction required. There
is no impact on confidentiality or integrity; the impact on availability is
high.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-41234 - VMware Spring Framework Reflected File Download Vulnerability",
"Content": "CVE ID : CVE-2025-41234
Published : June 12, 2025, 10:15 p.m. | 19 minutes ago
Description : Description
In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input.
Specifically, an application is vulnerable when all the following are true:
* The header is prepared with org.springframework.http.ContentDisposition.
* The filename is set via ContentDisposition.Builder#filename(String, Charset).
* The value for the filename is derived from user-supplied input.
* The application does not sanitize the user-supplied input.
* The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).
An application is not vulnerable if any of the following is true:
* The application does not set a “Content-Disposition” response header.
* The header is not prepared with org.springframework.http.ContentDisposition.
* The filename is set via one of: * ContentDisposition.Builder#filename(String), or
* ContentDisposition.Builder#filename(String, ASCII)
* The filename is not derived from user-supplied input.
* The filename is derived from user-supplied input but sanitized by the application.
* The attacker cannot inject malicious content in the downloaded content of the response.
Affected Spring Products and VersionsSpring Framework:
* 6.2.0 - 6.2.7
* 6.1.0 - 6.1.20
* 6.0.5 - 6.0.28
* Older, unsupported versions are not affected
MitigationUsers of affected versions should upgrade to the corresponding fixed version.
Affected version(s)Fix versionAvailability6.2.x6.2.8OSS6.1.x6.1.21OSS6.0.x6.0.29 Commercial No further mitigation steps are necessary.
CWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-41234 - VMware Spring Framework Reflected File Download Vulnerability",
"Content": "CVE ID : CVE-2025-41234
Published : June 12, 2025, 10:15 p.m. | 19 minutes ago
Description : Description
In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input.
Specifically, an application is vulnerable when all the following are true:
* The header is prepared with org.springframework.http.ContentDisposition.
* The filename is set via ContentDisposition.Builder#filename(String, Charset).
* The value for the filename is derived from user-supplied input.
* The application does not sanitize the user-supplied input.
* The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).
An application is not vulnerable if any of the following is true:
* The application does not set a “Content-Disposition” response header.
* The header is not prepared with org.springframework.http.ContentDisposition.
* The filename is set via one of: * ContentDisposition.Builder#filename(String), or
* ContentDisposition.Builder#filename(String, ASCII)
* The filename is not derived from user-supplied input.
* The filename is derived from user-supplied input but sanitized by the application.
* The attacker cannot inject malicious content in the downloaded content of the response.
Affected Spring Products and VersionsSpring Framework:
* 6.2.0 - 6.2.7
* 6.1.0 - 6.1.20
* 6.0.5 - 6.0.28
* Older, unsupported versions are not affected
MitigationUsers of affected versions should upgrade to the corresponding fixed version.
Affected version(s)Fix versionAvailability6.2.x6.2.8OSS6.1.x6.1.21OSS6.0.x6.0.29 Commercial No further mitigation steps are necessary.
CWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-41233 - VMware Avi Load Balancer Blind SQL Injection",
"Content": "CVE ID : CVE-2025-41233
Published : June 12, 2025, 10:15 p.m. | 19 minutes ago
Description : Description:
VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8 .
Known Attack Vectors:
An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.
Resolution:
To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
VMware would like to thank Alexandru Copaceanu for reporting this issue to us.
Notes:
None.
Response Matrix:
ProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 Moderate 30.1.2-2p3 NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 Moderate 30.1.2-2p3 NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 Moderate 30.2.1-2p6 NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 Moderate 30.2.2-2p5 NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 Moderate 31.1.1-2p2 NoneNone
CWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-41233 - VMware Avi Load Balancer Blind SQL Injection",
"Content": "CVE ID : CVE-2025-41233
Published : June 12, 2025, 10:15 p.m. | 19 minutes ago
Description : Description:
VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8 .
Known Attack Vectors:
An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.
Resolution:
To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
VMware would like to thank Alexandru Copaceanu for reporting this issue to us.
Notes:
None.
Response Matrix:
ProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 Moderate 30.1.2-2p3 NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 Moderate 30.1.2-2p3 NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 Moderate 30.2.1-2p6 NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 Moderate 30.2.2-2p5 NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 Moderate 31.1.1-2p2 NoneNone
CWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-44091 - Yangyouwang Crud XSS",
"Content": "CVE ID : CVE-2025-44091
Published : June 12, 2025, 9:15 p.m. | 1 hour, 19 minutes ago
Description : yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-44091 - Yangyouwang Crud XSS",
"Content": "CVE ID : CVE-2025-44091
Published : June 12, 2025, 9:15 p.m. | 1 hour, 19 minutes ago
Description : yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-49589 - PCSX2 Stack-Based Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-49589
Published : June 12, 2025, 9:15 p.m. | 1 hour, 19 minutes ago
Description : PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-49589 - PCSX2 Stack-Based Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-49589
Published : June 12, 2025, 9:15 p.m. | 1 hour, 19 minutes ago
Description : PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-27689 - Dell iDRAC Tools Privilege Escalation",
"Content": "CVE ID : CVE-2025-27689
Published : June 12, 2025, 9:15 p.m. | 1 hour, 19 minutes ago
Description : Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-27689 - Dell iDRAC Tools Privilege Escalation",
"Content": "CVE ID : CVE-2025-27689
Published : June 12, 2025, 9:15 p.m. | 1 hour, 19 minutes ago
Description : Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-4228 - Palo Alto Networks Cortex XDR Broker VM Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-4228
Published : June 13, 2025, 12:15 a.m. | 28 minutes ago
Description : An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-4228 - Palo Alto Networks Cortex XDR Broker VM Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-4228
Published : June 13, 2025, 12:15 a.m. | 28 minutes ago
Description : An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-4230 - Palo Alto Networks PAN-OS Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-4230
Published : June 13, 2025, 12:15 a.m. | 28 minutes ago
Description : A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-4230 - Palo Alto Networks PAN-OS Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-4230
Published : June 13, 2025, 12:15 a.m. | 28 minutes ago
Description : A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-4231 - Palo Alto Networks PAN-OS Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-4231
Published : June 13, 2025, 12:15 a.m. | 28 minutes ago
Description : A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.
The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-4231 - Palo Alto Networks PAN-OS Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-4231
Published : June 13, 2025, 12:15 a.m. | 28 minutes ago
Description : A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.
The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-4232 - Palo Alto Networks GlobalProtect™ macOS Command Injection",
"Content": "CVE ID : CVE-2025-4232
Published : June 13, 2025, 12:15 a.m. | 28 minutes ago
Description : An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-4232 - Palo Alto Networks GlobalProtect™ macOS Command Injection",
"Content": "CVE ID : CVE-2025-4232
Published : June 13, 2025, 12:15 a.m. | 28 minutes ago
Description : An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-4233 - Palo Alto Networks Prisma Access Browser Cache Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-4233
Published : June 12, 2025, 11:15 p.m. | 1 hour, 28 minutes ago
Description : An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-4233 - Palo Alto Networks Prisma Access Browser Cache Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-4233
Published : June 12, 2025, 11:15 p.m. | 1 hour, 28 minutes ago
Description : An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-47959 - Visual Studio Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-47959
Published : June 13, 2025, 2:15 a.m. | 30 minutes ago
Description : Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-47959 - Visual Studio Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-47959
Published : June 13, 2025, 2:15 a.m. | 30 minutes ago
Description : Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-30399 - Visual Studio .NET Untrusted Search Path Remote Code Execution",
"Content": "CVE ID : CVE-2025-30399
Published : June 13, 2025, 2:15 a.m. | 30 minutes ago
Description : Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-30399 - Visual Studio .NET Untrusted Search Path Remote Code Execution",
"Content": "CVE ID : CVE-2025-30399
Published : June 13, 2025, 2:15 a.m. | 30 minutes ago
Description : Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5815 - WordPress Traffic Monitor Unauthenticated Data Modification Vulnerability",
"Content": "CVE ID : CVE-2025-5815
Published : June 13, 2025, 4:15 a.m. | 36 minutes ago
Description : The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled bot logging.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5815 - WordPress Traffic Monitor Unauthenticated Data Modification Vulnerability",
"Content": "CVE ID : CVE-2025-5815
Published : June 13, 2025, 4:15 a.m. | 36 minutes ago
Description : The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled bot logging.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5282 - WordPress WP Travel Engine Tour Booking Plugin Unauthenticated Post Deletion Vulnerability",
"Content": "CVE ID : CVE-2025-5282
Published : June 13, 2025, 4:15 a.m. | 36 minutes ago
Description : The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to delete arbitrary posts.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5282 - WordPress WP Travel Engine Tour Booking Plugin Unauthenticated Post Deletion Vulnerability",
"Content": "CVE ID : CVE-2025-5282
Published : June 13, 2025, 4:15 a.m. | 36 minutes ago
Description : The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to delete arbitrary posts.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5938 - Elementor Digital Marketing and Agency Templates CSRF",
"Content": "CVE ID : CVE-2025-5938
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the import_templates() function. This makes it possible for unauthenticated attackers to trigger an import via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5938 - Elementor Digital Marketing and Agency Templates CSRF",
"Content": "CVE ID : CVE-2025-5938
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the import_templates() function. This makes it possible for unauthenticated attackers to trigger an import via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5939 - Telegram for WP WordPress Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-5939
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5939 - Telegram for WP WordPress Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-5939
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5950 - IndieBlocks WordPress Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-5950
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5950 - IndieBlocks WordPress Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-5950
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5233 - WordPress Color Palette Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-5233
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5233 - WordPress Color Palette Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-5233
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5288 - WordPress Custom API Generator Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-5288
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5288 - WordPress Custom API Generator Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-5288
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5491 - Acer ControlCenter Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-5491
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One such feature enables the execution of arbitrary programs as NT AUTHORITY/SYSTEM. By leveraging this, remote attackers can execute arbitrary code on the target system with elevated privileges.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5491 - Acer ControlCenter Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-5491
Published : June 13, 2025, 3:15 a.m. | 1 hour, 36 minutes ago
Description : Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One such feature enables the execution of arbitrary programs as NT AUTHORITY/SYSTEM. By leveraging this, remote attackers can execute arbitrary code on the target system with elevated privileges.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹