
Threat and Vulnerability Intelligence Database


CVE-2025-3835

Description: Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to remote code execution in the Content Search module.

CVSS: CRITICAL (9.6)

EPSS Score: 0.16%

Source: CVE
June 9th, 2025 (17 days ago)

Description: The European Union has officially launched DNS4EU, a secure, privacy-compliant DNS resolution service aimed at citizens, governments, and telecom providers across the bloc. Developed under the supervision of ENISA and managed by a pan-European consortium led by Czech cybersecurity firm Whalebone, DNS4EU is now operational after nearly three years of planning. Initially announced in October … The post EU Launches Privacy-Focused Public DNS Resolver Named DNS4EU appeared first on CyberInsider.
Source: CyberInsider
June 9th, 2025 (17 days ago)

CVE-2025-5871

Description: A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (5.3)

EPSS Score: 0.06%

Source: CVE
June 9th, 2025 (17 days ago)

CVE-2025-5870

Description: A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: HIGH (7.3)

EPSS Score: 0.07%

Source: CVE
June 9th, 2025 (17 days ago)

CVE-2025-40675

Description: A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

CVSS: MEDIUM (5.1)

EPSS Score: 0.06%

Source: CVE
June 9th, 2025 (17 days ago)

Description: This examination of the Amazon Web Services (AWS) Roles Anywhere service looks at potential risks, analyzed from both defender and attacker perspectives. The post Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere appeared first on Unit 42.
Source: Palo Alto Unit42
June 9th, 2025 (17 days ago)

Description: The TI WooCommerce Wishlist plugin, with over 100,000 active installs, is vulnerable to an unauthenticated file upload vulnerability (CVE-2025-47577). The post Unpatched Account Takeover Vulnerability in PayU CommercePro Plugin appeared first on Patchstack.

CVSS: CRITICAL (10.0)

EPSS Score: 0.06%

Source: PatchStack
June 9th, 2025 (17 days ago)

CVE-2025-5869

Description: A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
June 9th, 2025 (17 days ago)