{
"Source": "CVE FEED",
"Title": "CVE-2025-5439 - "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 Facebook Like Command Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-5439
Published : June 2, 2025, 10:15 a.m. | 1 hour, 33 minutes ago
Description : A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5439 - "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 Facebook Like Command Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-5439
Published : June 2, 2025, 10:15 a.m. | 1 hour, 33 minutes ago
Description : A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-3260 - Grafana Dashboard Permission Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-3260
Published : June 2, 2025, 10:15 a.m. | 1 hour, 33 minutes ago
Description : A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1).
Impact:
- Viewers can view all dashboards/folders regardless of permissions
- Editors can view/edit/delete all dashboards/folders regardless of permissions
- Editors can create dashboards in any folder regardless of permissions
- Anonymous users with viewer/editor roles are similarly affected
Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-3260 - Grafana Dashboard Permission Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-3260
Published : June 2, 2025, 10:15 a.m. | 1 hour, 33 minutes ago
Description : A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1).
Impact:
- Viewers can view all dashboards/folders regardless of permissions
- Editors can view/edit/delete all dashboards/folders regardless of permissions
- Editors can create dashboards in any folder regardless of permissions
- Anonymous users with viewer/editor roles are similarly affected
Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-1750 - DuckDBVectorStore SQL Injection Remote Code Execution",
"Content": "CVE ID : CVE-2025-1750
Published : June 2, 2025, 10:15 a.m. | 1 hour, 33 minutes ago
Description : An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-1750 - DuckDBVectorStore SQL Injection Remote Code Execution",
"Content": "CVE ID : CVE-2025-1750
Published : June 2, 2025, 10:15 a.m. | 1 hour, 33 minutes ago
Description : An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5446 - "Linksys Router Remote OS Command Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-5446
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5446 - "Linksys Router Remote OS Command Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-5446
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5445 - Linksys Wireless Router OS Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5445
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5445 - Linksys Wireless Router OS Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5445
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-26396 - SolarWinds Dameware Mini Remote Control Local Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-26396
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-26396 - SolarWinds Dameware Mini Remote Control Local Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-26396
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-46806 - "sslh Denial of Service Pointer Offset Vulnerability"",
"Content": "CVE ID : CVE-2025-46806
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-46806 - "sslh Denial of Service Pointer Offset Vulnerability"",
"Content": "CVE ID : CVE-2025-46806
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48745 - Apache HTTP Server Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-48745
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-49113. Reason: This candidate is a reservation duplicate of CVE-2025-49113. Notes: All CVE users should reference CVE-2025-49113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48745 - Apache HTTP Server Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-48745
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-49113. Reason: This candidate is a reservation duplicate of CVE-2025-49113. Notes: All CVE users should reference CVE-2025-49113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-12168 - Yandex Telemost DLL Hijacking Vulnerability",
"Content": "CVE ID : CVE-2024-12168
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2024-12168 - Yandex Telemost DLL Hijacking Vulnerability",
"Content": "CVE ID : CVE-2024-12168
Published : June 2, 2025, 1:15 p.m. | 37 minutes ago
Description : Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5443 - "Linksys Wireless Router Os Command Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-5443
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5443 - "Linksys Wireless Router Os Command Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-5443
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5444 - "Linksys Wireless Router RP_UpgradeFWByBBS OS Command Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-5444
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5444 - "Linksys Wireless Router RP_UpgradeFWByBBS OS Command Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-5444
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48955 - "Para Exposes Access and Secret Keys in Logs"",
"Content": "CVE ID : CVE-2025-48955
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48955 - "Para Exposes Access and Secret Keys in Logs"",
"Content": "CVE ID : CVE-2025-48955
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48957 - AstrBot Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-48957
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in Pull Request #1676 and is included in version 3.5.13. As a workaround, users can edit the `cmd_config.json` file to disable the dashboard feature as a temporary workaround. However, it is strongly recommended to upgrade to version v3.5.13 or later to fully resolve this issue.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48957 - AstrBot Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-48957
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in Pull Request #1676 and is included in version 3.5.13. As a workaround, users can edit the `cmd_config.json` file to disable the dashboard feature as a temporary workaround. However, it is strongly recommended to upgrade to version v3.5.13 or later to fully resolve this issue.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48958 - Froxlor HTML Injection Vulnerability",
"Content": "CVE ID : CVE-2025-48958
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48958 - Froxlor HTML Injection Vulnerability",
"Content": "CVE ID : CVE-2025-48958
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48990 - NeKernal Heap Overflow",
"Content": "CVE ID : CVE-2025-48990
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len` equals the size of the destination buffer (256 bytes), that extra `'\0'` write overruns the buffer by one byte. To avoid breaking existing callers or changing the public API, the patch in commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee takes a minimal approach: it simply removes the overflow-causing line without adding bounds checks or altering the function signature.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48990 - NeKernal Heap Overflow",
"Content": "CVE ID : CVE-2025-48990
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len` equals the size of the destination buffer (256 bytes), that extra `'\0'` write overruns the buffer by one byte. To avoid breaking existing callers or changing the public API, the patch in commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee takes a minimal approach: it simply removes the overflow-causing line without adding bounds checks or altering the function signature.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48495 - Gokapi Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-48495
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48495 - Gokapi Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-48495
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-46807 - SSLH File Descriptor Exhaustion Denial of Service",
"Content": "CVE ID : CVE-2025-46807
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh before 2.2.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-46807 - SSLH File Descriptor Exhaustion Denial of Service",
"Content": "CVE ID : CVE-2025-46807
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh before 2.2.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-37095 - HPE StoreOnce Directory Traversal Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-37095
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-37095 - HPE StoreOnce Directory Traversal Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-37095
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-37096 - HPE StoreOnce Command Injection RCE",
"Content": "CVE ID : CVE-2025-37096
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-37096 - HPE StoreOnce Command Injection RCE",
"Content": "CVE ID : CVE-2025-37096
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-44172 - Tenda AC6 Stack Overflow",
"Content": "CVE ID : CVE-2025-44172
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-44172 - Tenda AC6 Stack Overflow",
"Content": "CVE ID : CVE-2025-44172
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-20001 - FontCreator Font Out-of-Bounds Read Information Disclosure",
"Content": "CVE ID : CVE-2025-20001
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-20001 - FontCreator Font Out-of-Bounds Read Information Disclosure",
"Content": "CVE ID : CVE-2025-20001
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹