Security

A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is

Recent news in security

CVE-2025-5125 | Custom Post Carousels with Owl Plugin up to 1.4.11 on WordPress cross site scripting

CVE-2025-6393 | TOTOLINK A702R/A3002R/A3002RU/EX1200T HTTP POST Request /boafrm/formIPv6Addr submit-url buffer overflow

CVE-2025-6394 | code-projects Simple Online Hotel Reservation System 1.0 /add_reserve.php firstname sql injection

Vendor

CERTs

Vulnerabilities

CVE-2025-6019: time to upgrade Linux | Kaspersky official blog

Attackers Actively Exploiting Critical Vulnerability in Motors Theme

CYBER GRU: Russian military intelligence in cyberspace

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 9, 2025 to June 15, 2025)

Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack

Everything you need to know about NIST’s new guidance in “SP 1800-35: Implementing a Zero Trust Architecture”

Shifting Gears: India’s Government Calls for Financial Cybersecurity Change

Tracking historical IP assignments with Defender for Endpoint logs

100,000 WordPress Sites Affected by Privilege Escalation via MCP in AI Engine WordPress Plugin

Mocha Manakin delivers custom NodeJS backdoor via paste and run

Ransomware: ‘WannaCry’ guidance for enterprise administrators

RT @cudeso: A @MISPProject tip of the week: A ‘soft’ delete propagates to other MISPs. A ‘hard’ delete removes the attribute on your instan…

RT @JeroenPinoy: The last couple of evenings I’ve been trying to help someone who fell victim to a ‘crypto investment’ scam. In short: she…

RT @MISPProject: Presentation of Cerebrate by @Iglocska at #FIRSTCTI22 the new open source tools developed in the scope of the MeliCERTes p…

RT @lookyloo_app: The v1.16 release is a pretty big one: thanks to Lacus, it is now possible to capture a website from another machine that…

“There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remot… https://t.co/XzeKglLfS4

“November 2022 updates for Microsoft Office” https://t.co/CghoovKw1m

The https://t.co/WLopIGLEjT typosquatting finder service has been updated, multiple bugs were fixed and some improv… https://t.co/kZQxUQqXp1

RT @MISPProject: A huge thank to all participants, organisers and speakers at @FIRSTdotOrg #FIRSTCTI22 in Berlin. It was a blast. Our MISP…

RT @campuscodi: The Microsoft November 2022 Patch Tuesday updates are out. 68 vulnerabilities fixed. Also, 4 zero-days: -CVE-2022-41128, J…

CVE-2025-5125 | Custom Post Carousels with Owl Plugin up to 1.4.11 on WordPress cross site scripting

CVE-2025-6393 | TOTOLINK A702R/A3002R/A3002RU/EX1200T HTTP POST Request /boafrm/formIPv6Addr submit-url buffer overflow

CVE-2025-6394 | code-projects Simple Online Hotel Reservation System 1.0 /add_reserve.php firstname sql injection

Ubuntu 20.04 LTS USN-7585-2 critical: Linux kernel information exposure

Ubuntu 20.04 LTS: USN-7585-1 critical: Linux kernel security flaws

CVE-2025-48058 | powsybl-core up to 6.7.1 redos (GHSA-rqpx-f6rc-7hm5 / EUVD-2025-18708)

CVE-2025-6264 | Rapid7 Velociraptor up to 0.74.2 VQL Query Admin.Client.UpdateClientConfig default permission

CVE-2025-49715 | Microsoft Dynamics 365 FastTrack Implementation exposure of private personal information to an unauthorized actor

CVE-2025-47771 | powsybl-core up to 6.7.1 SparseMatrix read deserialization (GHSA-f5cx-h789-j959 / EUVD-2025-18706)

CVE-2025-47293 | powsybl-core up to 6.7.1 XML Parser com.powsybl.commons.xml.XmlReader xml external entity reference (GHSA-qpj9-qcwx-8jv2 / EUVD-2025-18700)