2026 matches found

OpenVAS
added 2025/07/02 12:0 a.m. · 5 views

Google Chrome Security Update (stable-channel-update-for-desktop_30-2025-06) - Mac OS X

Google Chrome is prone to a type confusion vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

8.1 CVSS · 9.5 AI score · 0.06564 EPSS
Exploits 4 · References 3
CVE
added 2025/07/01 10:39 a.m. · 18 views

CVE-2025-6224

CVE-2025-6224 affects juju/utils (cert.NewLeaf). The issue allows a certificate generated by cert.NewLeaf to reveal the private key if the cert is later sent in plaintext over the network. Multiple sources (NVD, Red Hat, OSV, GHSA) confirm the leak in juju/utils and reference the same root cause....

6.5 CVSS · 7.2 AI score · 0.00135 EPSS
Exploits 1 · References 1 · Affected Software 1
NVD
added 2025/06/28 1:15 a.m. · 5 views

CVE-2025-36026

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

4.3 CVSS · 0.00138 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/06/24 2:19 a.m. · 2 views

CVE-2025-48470 Stored Cross site Scripting (XSS)

Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields that are then executed in other users’ browsers, potentially leading to session hijacking, defacement, credential theft, or privilege escalation...

4.1 CVSS · 6.3 AI score · 0.00171 EPSS
Exploits 0 · References 1
Cvelist
added 2025/06/23 5:0 p.m. · 11 views

CVE-2025-6516 HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to...

5.3 CVSS · 0.00303 EPSS
Exploits 1 · References 5
BDU FSTEC
added 2025/06/23 12:0 a.m. · 2 views

The vulnerability of the ptp_ocp_probe() function in the drivers/ptp/ptp_ocp.c kernel module of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the ptp_ocp_probe() function in the drivers/ptp/ptp_ocp.c kernel module of the Linux operating system is related to security configuration errors. Exploiting this vulnerability can allow an attacker to cause service failures...

6.2 CVSS · 5.8 AI score · 0.00202 EPSS
Exploits 0 · References 7 · Affected Software 1
OSV
added 2025/06/21 1:15 a.m. · 1 views

CVE-2025-5478

Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The...

8.8 CVSS · 6.3 AI score · 0.00377 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/06/20 12:0 a.m. · 2 views

PT-2025-26300 · Unknown · Phpgurukul Directory Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Directory Management System version 1.0 Description: A critical vulnerability was found in the PHPGurukul Directory Management System. The issue affects an unknown functionality of the file /admin/search-directory.php. The...

8.8 CVSS · 6.9 AI score · 0.00318 EPSS
Exploits 1 · References 10
Snyk
added 2025/06/19 4:19 p.m. · 3 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

6.3 CVSS · 6.8 AI score · 0.0035 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/06/16 12:0 a.m. · 3 views

TencentOS Server 3: unbound (TSSA-2024:0112)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0112 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8 CVSS · 6.6 AI score · 0.00318 EPSS
Exploits 0 · References 2
Exploit DB
added 2025/06/15 12:0 a.m. · 495 views

Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Windows 11 SMB Client - Privilege Escalation & Remote Code Execution RCE Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-13 Tested on: Windows 11 version 22H2, Windows Server 2022, Kali Linux...

8.8 CVSS · 8.8 AI score · 0.64315 EPSS
Exploits 6
RedhatCVE
added 2025/06/12 11:21 p.m. · 5 views

CVE-2025-46968

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS · 5.2 AI score · 0.00268 EPSS
Exploits 0 · References 1
Cvelist
added 2025/06/12 2:26 p.m. · 16 views

CVE-2025-49199 Backup files can be modified and uploaded

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable...

8.8 CVSS · 0.0028 EPSS
Exploits 0 · References 6
CVE
added 2025/06/11 8:1 a.m. · 72 views

CVE-2025-29756

The CVE-2025-29756 entry describes a vulnerability in SunGrow iSolarCloud’s MQTT service used by the backend for device data transport. The MQTT broker reportedly lacks sufficient topic-subscription restrictions, enabling a user with an iSolarCloud account to subscribe to any topic (notably the a...

8.3 CVSS · 7.2 AI score · 0.00207 EPSS
Exploits 0 · References 3
NVD
added 2025/06/10 11:15 p.m. · 9 views

CVE-2025-47089

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS · 0.00222 EPSS
Exploits 0 · References 1
CNNVD
added 2025/06/10 12:0 a.m. · 2 views

Microsoft Word security vulnerability

Microsoft Word is a word processing application in the Office suite from the U.S. company Microsoft. A code execution vulnerability exists in Microsoft Word, caused by improper boundary checking. An attacker could exploit the vulnerability to execute arbitrary code on the system...

8.4 CVSS · 7.9 AI score · 0.00511 EPSS
Exploits 0 · References 3
CNNVD
added 2025/06/10 12:0 a.m. · 3 views

Apache CloudStack security vulnerability

Apache CloudStack is an Infrastructure as a Service (IaaS) cloud computing platform from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack has a security vulnerability that can be exploited ...

8.8 CVSS · 6.8 AI score · 0.00488 EPSS
Exploits 0 · References 5
CNNVD
added 2025/06/10 12:0 a.m. · 2 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS · 6.1 AI score · 0.00298 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/06/10 12:0 a.m. · 2 views

PT-2025-25162 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...

5.5 CVSS · 5.3 AI score · 0.00242 EPSS
Exploits 0 · References 6
RedhatCVE
added 2025/06/07 12:17 p.m. · 16 views

CVE-2025-5701

The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hcrequesthandler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to...

9.8 CVSS · 9.6 AI score · 0.01679 EPSS
Exploits 4 · References 1