{
"Source": "CVE FEED",
"Title": "CVE-2025-23099 - Samsung Exynos OOB Write Vulnerability",
"Content": "CVE ID : CVE-2025-23099
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-23099 - Samsung Exynos OOB Write Vulnerability",
"Content": "CVE ID : CVE-2025-23099
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-23105 - Samsung Mobile Processor Exynos Use-After-Free Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-23105
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-23105 - Samsung Mobile Processor Exynos Use-After-Free Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-23105
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-1051 - Sonos Era 300 ALAC Data Heap Buffer Overflow Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-1051
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-1051 - Sonos Era 300 ALAC Data Heap Buffer Overflow Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-1051
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5086 - DELmia Apriso Deserialization Remote Code Execution",
"Content": "CVE ID : CVE-2025-5086
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025Â could lead to a remote code execution.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5086 - DELmia Apriso Deserialization Remote Code Execution",
"Content": "CVE ID : CVE-2025-5086
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025Â could lead to a remote code execution.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-27954 - Apache Clinical Collaboration Platform Cross-Site Scripting (XSS) and Remote Code Execution",
"Content": "CVE ID : CVE-2025-27954
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-27954 - Apache Clinical Collaboration Platform Cross-Site Scripting (XSS) and Remote Code Execution",
"Content": "CVE ID : CVE-2025-27954
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-27955 - Clinical Collaboration Platform Session Token Weakness (Authentication Bypass)",
"Content": "CVE ID : CVE-2025-27955
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-27955 - Clinical Collaboration Platform Session Token Weakness (Authentication Bypass)",
"Content": "CVE ID : CVE-2025-27955
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-27956 - WebLaudos Directory Traversal Information Disclosure",
"Content": "CVE ID : CVE-2025-27956
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-27956 - WebLaudos Directory Traversal Information Disclosure",
"Content": "CVE ID : CVE-2025-27956
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-45387 - osTicket Broken Access Control Vulnerability",
"Content": "CVE ID : CVE-2025-45387
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-45387 - osTicket Broken Access Control Vulnerability",
"Content": "CVE ID : CVE-2025-45387
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-20298 - Splunk Universal Forwarder Windows Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-20298
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-20298 - Splunk Universal Forwarder Windows Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-20298
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-23104 - Samsung Mobile Processor Exynos Use-After-Free Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-23104
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-23104 - Samsung Mobile Processor Exynos Use-After-Free Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-23104
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-27953 - Citrix Clinical Collaboration Platform Remote Code Execution and Information Disclosure",
"Content": "CVE ID : CVE-2025-27953
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-27953 - Citrix Clinical Collaboration Platform Remote Code Execution and Information Disclosure",
"Content": "CVE ID : CVE-2025-27953
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-20297 - Splunk Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-20297
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-20297 - Splunk Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-20297
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48996 - HAX Penn State University Open-Apis Information Disclosure",
"Content": "CVE ID : CVE-2025-48996
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flat present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48996 - HAX Penn State University Open-Apis Information Disclosure",
"Content": "CVE ID : CVE-2025-48996
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flat present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48387 - Tar-fs Directory Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-48387
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48387 - Tar-fs Directory Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-48387
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-47585 - Mage People Team Booking and Rental Manager Missing Authorization Vulnerability",
"Content": "CVE ID : CVE-2025-47585
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through 2.3.8.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-47585 - Mage People Team Booking and Rental Manager Missing Authorization Vulnerability",
"Content": "CVE ID : CVE-2025-47585
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through 2.3.8.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-3919 - WordPress Comments Import & Export Plugin Unauthenticated Cross-Site Scripting (XSS) Vulnerability",
"Content": "CVE ID : CVE-2025-3919
Published : June 2, 2025, 11:15 p.m. | 1 hour, 4 minutes ago
Description : The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters.
This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page.
The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-3919 - WordPress Comments Import & Export Plugin Unauthenticated Cross-Site Scripting (XSS) Vulnerability",
"Content": "CVE ID : CVE-2025-3919
Published : June 2, 2025, 11:15 p.m. | 1 hour, 4 minutes ago
Description : The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters.
This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page.
The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5419 - Google Chrome Heap Corruption Vulnerability",
"Content": "CVE ID : CVE-2025-5419
Published : June 3, 2025, 12:15 a.m. | 2 hours, 14 minutes ago
Description : Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5419 - Google Chrome Heap Corruption Vulnerability",
"Content": "CVE ID : CVE-2025-5419
Published : June 3, 2025, 12:15 a.m. | 2 hours, 14 minutes ago
Description : Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-49162 - Arris VIP1113 TFTP File Overwrite Vulnerability",
"Content": "CVE ID : CVE-2025-49162
Published : June 3, 2025, 12:15 a.m. | 2 hours, 14 minutes ago
Description : Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-49162 - Arris VIP1113 TFTP File Overwrite Vulnerability",
"Content": "CVE ID : CVE-2025-49162
Published : June 3, 2025, 12:15 a.m. | 2 hours, 14 minutes ago
Description : Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-49163 - Arris VIP1113 Boot Image Injection Vulnerability",
"Content": "CVE ID : CVE-2025-49163
Published : June 3, 2025, 12:15 a.m. | 2 hours, 14 minutes ago
Description : Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-49163 - Arris VIP1113 Boot Image Injection Vulnerability",
"Content": "CVE ID : CVE-2025-49163
Published : June 3, 2025, 12:15 a.m. | 2 hours, 14 minutes ago
Description : Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-49164 - Arris VIP1113 TV Set-Top Box Firmware Decryption Key Disclosure",
"Content": "CVE ID : CVE-2025-49164
Published : June 3, 2025, 12:15 a.m. | 2 hours, 14 minutes ago
Description : Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-49164 - Arris VIP1113 TV Set-Top Box Firmware Decryption Key Disclosure",
"Content": "CVE ID : CVE-2025-49164
Published : June 3, 2025, 12:15 a.m. | 2 hours, 14 minutes ago
Description : Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5068 - Google Chrome Blink Use-After-Free Vulnerability",
"Content": "CVE ID : CVE-2025-5068
Published : June 3, 2025, 12:15 a.m. | 2 hours, 14 minutes ago
Description : Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5068 - Google Chrome Blink Use-After-Free Vulnerability",
"Content": "CVE ID : CVE-2025-5068
Published : June 3, 2025, 12:15 a.m. | 2 hours, 14 minutes ago
Description : Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹