integratus systems - Factory BitsFactory Bits 500 Companies and Solutions Driving Industrial Digital Transformation

integratus systems

Exchange Platform Services

Join Now-Sign Up
Log In

Factory Bits 500 Companies and Solutions Driving Industrial Digital Transformation

Blog
Editor Paper Extracts
Editor Picks Articles
Editor Picks Maps
Editor Picks Reports
IS Competitive Intelligence Briefings
IS Intelligence Work Group
IS Partners
IS Projects Work Group
IS Reports
IS Security Work Group
IS Working Group Briefings
Uncategorized

IS Security Alerts Advisories

Multiple vulnerabilities in RICOH Streamline NX PC Client
RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities. ... read more
93.03850
Newly Added (1)Android/NGate.S!trModified (3)Adware/Agent!AndroidAdware/SpyLoan!AndroidAndroid/KillFiles.QL!tr ... read more
CVE-2025-4863 | Advaya Softech GEMS ERP Portal 2.1 studentLogin.action userId sql injection
A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. This affects an unknown part of the file /studentLogin/studentLogin.action. The manipulation of the argument ... read more
CVE-2022-4363 | Wholesale Market Plugin prior 2.2.2 on WordPress Setting cross-site request forgery
A vulnerability, which was classified as problematic, has been found in Wholesale Market Plugin and Wholesale Market for WooCommerce Plugin on WordPress. Affected by this issue is some unknown functionality ... read more
CVE-2025-47945 | donetick up to 0.1.43 JSON Web Token variable initialization (GHSA-hjjg-vw4j-986x)
A vulnerability was found in donetick up to 0.1.43. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component JSON Web Token Handler. ... read more
CVE-2025-47786 | Emlog 2.5.13 /admin/comment.php perpage_num cross site scripting (GHSA-82qc-9vg7-2c6c)
A vulnerability classified as problematic has been found in Emlog 2.5.13. Affected is an unknown function of the file /admin/comment.php. The manipulation of the argument perpage_num leads to cross site ... read more
CVE-2025-47785 | Emlog up to 2.5.9 admin/article_save.php origContent sql injection (GHSA-939m-47f7-m559)
A vulnerability has been found in Emlog up to 2.5.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the ... read more
CVE-2025-2203 | FunnelKit Plugin up to 3.10.1 on WordPress sql injection (EUVD-2025-15210)
A vulnerability classified as critical has been found in FunnelKit Plugin up to 3.10.1 on WordPress. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is ... read more
CVE-2025-4871 | PCMan FTP Server 2.0.7 REST Command buffer overflow
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component REST Command Handler. The manipulation leads ... read more
CVE-2025-4866 | weibocom rill-flow 0.1.18 Management Console code injection (Issue 102)
A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. ... read more
CVE-2025-32407 | Samsung Internet for Galaxy Watch 5.0.9 TLS Certificate channel accessible (EUVD-2025-15549)
A vulnerability classified as problematic was found in Samsung Internet for Galaxy Watch 5.0.9. Affected by this vulnerability is an unknown functionality of the component TLS Certificate Handler. The manipulation ... read more
CVE-2025-4872 | FreeFloat FTP Server 1.0 CCC Command buffer overflow
A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component CCC Command Handler. The manipulation leads to buffer ... read more
CVE-2025-4190 | CSV Mass Importer Plugin up to 1.2 on WordPress unrestricted upload (EUVD-2025-15569)
A vulnerability was found in CSV Mass Importer Plugin up to 1.2 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation ... read more
CVE-2025-48187 | infiniflow ragflow up to 0.18.1 excessive authentication (EUVD-2025-15586)
A vulnerability was found in infiniflow ragflow up to 0.18.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper restriction ... read more
CVE-2025-47273 | pypa setuptools up to 78.1.0 PackageIndex path traversal (ID 4946 / EUVD-2025-15591)
A vulnerability, which was classified as critical, has been found in pypa setuptools up to 78.1.0. Affected by this issue is some unknown functionality of the component PackageIndex. The manipulation ... read more
CVE-2025-1454 | Ninja Pages Plugin up to 1.4.2 on WordPress Admin Settings cross site scripting
A vulnerability was found in Ninja Pages Plugin up to 1.4.2 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Admin Settings. ... read more
93.03849
Modified (7)Adware/Agent!AndroidAndroid/Agent.EHJ!tr.spyAndroid/Agent.FBE!trAndroid/Agent.FJL!trAndroid/Banker.CNB!tr.spyAndroid/KillFiles.QL!trAndroid/KillFiles.QM!tr ... read more
ISC Stormcast For Friday, June 13th, 2025 https://isc.sans.edu/podcastdetail/9492, (Fri, Jun 13th)
... read more
93.03848
Newly Added (1)Android/KillFiles.YL!trModified (16)Adware/Fyben!AndroidAdware/Keylogger!AndroidAdware/SpyLoan!AndroidAndroid/Agent.DUU!tr.spyAndroid/Agent.EHJ!tr.spyAndroid/Agent.EIG!tr.spyAndroid/Agent.FJL!trAndroid/Agent.JZJ!trAndroid/Banker.BGB!tr.spyAndroid/Banker.CHE!tr.spyAndroid/Banker.DOJ!tr.spyAndroid/GriftHorse.B!trAndroid/KillFiles.BS!trAndroid/KreditSpy.S!tr.spyRiskware/Application!AndroidRiskware/Spamtool!Android ... read more
SANS Stormcast Friday, June 13th, 2025: Honeypot Scripts; EchoLeak MSFT Copilot Vuln; Thunderbolt mailbox URL Vuln;
Automated Tools to Assist with DShield Honeypot Investigations https://isc.sans.edu/diary/Automated%20Tools%20to%20Assist%20with%20DShield%20Honeypot%20Investigations%20%5BGuest%20Diary%5D/32038 EchoLeak: Zero-Click Microsoft 365 Copilot Data Leak Microsoft fixed a vulnerability in Copilot that could have been abused to exfiltrate data ... read more
CVE-2025-1791 | Zorlan SkyCaiji 2.9 Tool.php fileAction save_data unrestricted upload
A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument save_data leads ... read more
CVE-2025-45238 | FoxCMS 1.2.5 delRestoreSerie denial of service
A vulnerability was found in FoxCMS 1.2.5. It has been rated as problematic. This issue affects the function delRestoreSerie. The manipulation leads to denial of service. The identification of this ... read more
CVE-2025-45240 | FoxCMS 1.2.5 DataBackup.php executeCommand sql injection (EUVD-2025-13452)
A vulnerability, which was classified as critical, was found in FoxCMS 1.2.5. This affects the function executeCommand of the file DataBackup.php. The manipulation leads to sql injection. This vulnerability is ... read more
CVE-2025-45239 | FoxCMS 2.0.6 Restore DataBackup.php path traversal
A vulnerability, which was classified as critical, was found in FoxCMS 2.0.6. Affected is an unknown function of the file DataBackup.php of the component Restore Handler. The manipulation leads to ... read more
CVE-2025-48797 | GIMP TGA Image Parser Pufferüberlauf
In GIMP wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht näher bekannte Funktion der Komponente TGA Image Parser. Durch Beeinflussen mit unbekannten Daten kann eine Pufferüberlauf-Schwachstelle ausgenutzt werden. ... read more
CVE-2025-48057 | Icinga icinga2 bis 2.12.11/2.13.11/2.14.5 VerifyCertificate Remote Code Execution
In Icinga icinga2 bis 2.12.11/2.13.11/2.14.5 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion VerifyCertificate. Durch Manipulieren mit unbekannten Daten kann eine Remote Code Execution-Schwachstelle ... read more
CVE-2025-3704 | DBAR Productions Volunteer Sign Up Sheets Plugin bis 5.5.4 auf WordPress Cross Site Scripting
Es wurde eine problematische Schwachstelle in DBAR Productions Volunteer Sign Up Sheets Plugin bis 5.5.4 für WordPress gefunden. Es geht dabei um eine nicht klar definierte Funktion. Dank Manipulation mit ... read more
CVE-2025-48796 | GIMP ANI File Parser ani_load_image Pufferüberlauf
Es wurde eine kritische Schwachstelle in GIMP entdeckt. Betroffen hiervon ist die Funktion ani_load_image der Komponente ANI File Parser. Durch das Beeinflussen mit unbekannten Daten kann eine Pufferüberlauf-Schwachstelle ausgenutzt werden. ... read more
CVE-2025-27701 | Google Android process_crypto_cmd ptrs Pufferüberlauf
Es wurde eine Schwachstelle in Google Android entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion process_crypto_cmd. Durch das Manipulieren des Arguments ptrs mit unbekannten Daten kann eine ... read more
CVE-2025-27700 | Google Android Local Privilege Escalation
Eine problematische Schwachstelle wurde in Google Android ausgemacht. Dies betrifft einen unbekannten Teil. Mittels Manipulieren mit unbekannten Daten kann eine Local Privilege Escalation-Schwachstelle ausgenutzt werden. Auf source.android.com kann das Advisory ... read more
CVE-2024-56193 | Google Android Bluetooth Adapter Information Disclosure
In Google Android wurde eine problematische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalität der Komponente Bluetooth Adapter. Mittels dem Manipulieren mit unbekannten Daten kann eine Information Disclosure-Schwachstelle ausgenutzt werden. Bereitgestellt ... read more
CVE-2025-48370 | auth-js bis 2.69.0 API schwache Authentisierung (GHSA-8r88-6cj9-9fh5)
Es wurde eine kritische Schwachstelle in auth-js bis 2.69.0 ausgemacht. Es betrifft die Funktion getUserById/deleteUser/updateUserById/listFactors/deleteFactor der Komponente API. Durch Manipulation mit unbekannten Daten kann eine schwache Authentisierung-Schwachstelle ausgenutzt werden. Das ... read more
CVE-2025-2236 | OpenText Advanced Authentication bis 6.4 Local Privilege Escalation
In OpenText Advanced Authentication bis 6.4 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion. Mit der Manipulation mit unbekannten Daten kann eine Local Privilege ... read more
CVE-2025-48383 | codingjoe django-select2 bis 8.4.0 auf Select2 ModelSelect2MultipleWidget/ModelSelect2Widget Remote Code Execution (GHSA-wjrh-hj83-3wh7)
Eine kritische Schwachstelle wurde in codingjoe django-select2 bis 8.4.0 für Select2 gefunden. Hierbei geht es um die Funktion ModelSelect2MultipleWidget/ModelSelect2Widget. Durch die Manipulation mit unbekannten Daten kann eine Remote Code Execution-Schwachstelle ... read more
CVE-2025-48798 | GIMP XCF Image Parser Pufferüberlauf
Eine kritische Schwachstelle wurde in GIMP entdeckt. Es geht hierbei um eine nicht näher spezifizierte Funktion der Komponente XCF Image Parser. Dank der Manipulation mit unbekannten Daten kann eine Pufferüberlauf-Schwachstelle ... read more
Securing Your SSH authorized_keys File, (Tue, May 27th)
This is nothing "amazingly new", but more of a reminder to secure your "authorized_keys" file for SSH. One of the first things I see even simple bots do to obtain ... read more
CVE-2022-34026 | ICEcoder 8.1 pathname traversal
A vulnerability classified as critical has been found in ICEcoder 8.1. Affected is an unknown function. The manipulation leads to pathname traversal. This vulnerability is traded as CVE-2022-34026. Access to ... read more
CVE-2022-40088 | Simple College Website 1.0 index.php? page cross site scripting
A vulnerability, which was classified as problematic, was found in Simple College Website 1.0. This affects an unknown part of the file /college_website/index.php?. The manipulation of the argument page leads ... read more
CVE-2022-40089 | Simple College Website 1.0 file inclusion
A vulnerability, which was classified as critical, has been found in Simple College Website 1.0. Affected by this issue is some unknown functionality. The manipulation leads to file inclusion. This ... read more
CVE-2022-31937 | Netgear N300 1.0.0.70 uhttpd stack-based overflow
A vulnerability was found in Netgear N300 1.0.0.70. It has been classified as critical. Affected is an unknown function of the component uhttpd. The manipulation leads to stack-based buffer overflow. ... read more
CVE-2022-37234 | Netgear Nighthawk AC1900 1.0.11.134_10.2.119 Firmware wl strncpy stack-based overflow
A vulnerability classified as critical was found in Netgear Nighthawk AC1900 1.0.11.134_10.2.119. This vulnerability affects the function strncpy of the file wl of the component Firmware. The manipulation leads to ... read more
CVE-2022-37235 | Netgear Nighthawk AC1900 1.0.11.134_10.2.119 wl strncat stack-based overflow
A vulnerability has been found in Netgear Nighthawk AC1900 1.0.11.134_10.2.119 and classified as critical. Affected by this vulnerability is the function strncat of the file wl. The manipulation leads to ... read more
CVE-2022-35024 | OTFCC 617837b memmove-vec-unaligned-erms.S memory corruption
A vulnerability classified as critical has been found in OTFCC 617837b. Affected is an unknown function of the file /multiarch/memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. This vulnerability is traded ... read more
CVE-2022-40087 | Simple College Website 1.0 file_put_contents unrestricted upload
A vulnerability classified as critical was found in Simple College Website 1.0. Affected by this vulnerability is the function file_put_contents. The manipulation leads to unrestricted upload. This vulnerability is known ... read more
CVE-2025-44864 | Tenda W20E 15.11.0.6 formSetDebugCfg module command injection (EUVD-2025-13264)
A vulnerability was found in Tenda W20E 15.11.0.6. It has been classified as critical. This affects the function formSetDebugCfg. The manipulation of the argument module leads to command injection. This ... read more
CVE-2025-32884 | Tenna Mesh Device 1.1.12 Phone Number information disclosure (EUVD-2025-13280)
A vulnerability was found in Tenna Mesh Device 1.1.12 and classified as problematic. This issue affects some unknown processing of the component Phone Number Handler. The manipulation leads to information ... read more
CVE-2025-46633 | Tenda RX2 Pro 16.03.30.14 Web Management Portal cleartext transmission (EUVD-2025-13262)
A vulnerability, which was classified as problematic, has been found in Tenda RX2 Pro 16.03.30.14. Affected by this issue is some unknown functionality of the component Web Management Portal. The ... read more
CVE-2025-5159 | H3C SecCenter SMP-E1114P02 up to 20250513 /cfgFile/1/download Name path traversal
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been rated as problematic. This issue affects the function Download of the file /cfgFile/1/download. The manipulation of ... read more
CVE-2025-46630 | Tenda RX2 Pro 16.03.30.14 Web Management Portal /goform/ate access control (EUVD-2025-13266)
A vulnerability was found in Tenda RX2 Pro 16.03.30.14. It has been classified as critical. This affects an unknown part of the file /goform/ate of the component Web Management Portal. ... read more
CVE-2025-32890 | Tenna Mesh Device 1.1.12 integrity check (EUVD-2025-13274)
A vulnerability, which was classified as problematic, has been found in Tenna Mesh Device 1.1.12. This issue affects some unknown processing. The manipulation leads to improper validation of integrity check ... read more

integratus systems © 2025

KAVI IS iCOMMEX Platform v 02.25 Tuesday, June 17, 2025

Login

Login to integratus systems Exchange Platform Services

Forgot password?

Register Now

Hello

Your Account Type is
Your Mail Id is
Your Username is

Security Briefing Search

PDF Library Search

Factory Bits Search

Reset Password

Reset Password

You have no permission to access this content