CVE Alert: CVE-2025-49184
Vulnerability Summary: CVE-2025-49184 A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration...
Vulnerability Summary: CVE-2025-49183 All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an...
Vulnerability Summary: CVE-2025-49188 The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information...
Vulnerability Summary: CVE-2025-49189 The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access...
Vulnerability Summary: CVE-2025-49190 The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server...
Vulnerability Summary: CVE-2025-49191 Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs...
Vulnerability Summary: CVE-2025-49187 For failed login attempts, the application returns different error messages depending on whether the login failed due...
Ransomware Group: QILIN VICTIM NAME: faycom NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
Vulnerability Summary: CVE-2025-49196 A service supports the use of a deprecated and unsafe TLS version. This could be exploited to...
Vulnerability Summary: CVE-2025-49197 The application uses a weak password hash function, allowing an attacker to crack the weak password hash...
Vulnerability Summary: CVE-2025-49186 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time...
Vulnerability Summary: CVE-2025-49194 The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an...
Vulnerability Summary: CVE-2025-49195 The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords...
Vulnerability Summary: CVE-2025-49199 The backup ZIPs are not signed by the application, leading to the possibility that an attacker can...
Vulnerability Summary: CVE-2025-49198 The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to...
Vulnerability Summary: CVE-2025-49193 The application fails to implement several security headers. These headers help increase the overall security level of...
Vulnerability Summary: CVE-2025-49192 The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing...
Vulnerability Summary: CVE-2025-49200 The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and...
Vulnerability Summary: CVE-2025-46035 Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service...
Vulnerability Summary: CVE-2025-36573 Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File...
Vulnerability Summary: CVE-2025-49579 Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in...
Vulnerability Summary: CVE-2024-55567 Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01,...
Vulnerability Summary: CVE-2025-5982 An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before...
Vulnerability Summary: CVE-2025-4418 An improper validation of integrity check value vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14...