Overview
CVE-2025-66573 is a critical vulnerability identified in the Solstice Pod API, specifically affecting versions 5.5 and 6.2. This flaw stems from an unauthenticated API endpoint (`/api/config`) that inadvertently exposes sensitive information. This information includes the session key, server version, product details, and the display name of the Solstice Pod. The lack of authentication on this endpoint allows unauthorized users to access and extract live session information, potentially leading to various security risks.

Technical Details
The vulnerability resides in the `/api/config` endpoint of the Solstice Pod API. This endpoint, designed to provide configuration details, lacks proper authentication mechanisms in versions…

Overview
A critical security vulnerability, identified as CVE-2025-66572, has been discovered in Loaded Commerce version 6.6. This vulnerability is a client-side template injection (CSTI) flaw that allows unauthenticated attackers to execute arbitrary code on the server. The vulnerability is triggered through the search parameter, making exploitation relatively straightforward.

Technical Details
Loaded Commerce 6.6 is susceptible to client-side template injection due to insufficient sanitization of user-supplied input within the search functionality. An attacker can inject malicious code into the search parameter, which, when processed by the server-side templating engine, results in code execution. Specifically, the unauthenticated attacker can inject template language…

Overview
A critical PHP Object Injection vulnerability, identified as CVE-2025-66571, has been discovered in UNA CMS. This vulnerability affects versions 9.0.0-RC1 through 14.0.0-RC4. The flaw resides in the BxBaseMenuSetAclLevel.php file and stems from the improper handling of the profile_id POST parameter, which is passed to the unserialize() function without sufficient sanitization. This allows remote, unauthenticated attackers to inject arbitrary PHP objects, potentially leading to arbitrary PHP code execution on the affected server.

Technical Details
The core of the vulnerability lies in the BxBaseMenuSetAclLevel.php file. The script directly uses user-supplied input (the profile_id POST parameter) in the unserialize() function without prior…

Published: 2025-12-04T21:16:09.573

Overview
This article details a critical security vulnerability, CVE-2025-66555, discovered in version 1.0.5 of the AirKeyboard iOS application. This vulnerability allows an unauthenticated attacker to inject arbitrary keystrokes directly into a victim's iOS device in real time, without any user interaction. This effectively grants the attacker full remote input control over the device.

Technical Details
CVE-2025-66555 stems from a missing authentication mechanism in the AirKeyboard app. The application, intended to allow users to control their computer via their iOS device, fails to properly authenticate incoming connections. This lack of authentication allows any attacker on the same network, or potentially…

Overview
This article discusses CVE-2025-66479, a vulnerability discovered in Anthropic Sandbox Runtime, a lightweight tool designed to enforce filesystem and network restrictions on processes. This vulnerability allows sandboxed code to potentially bypass network restrictions, enabling unauthorized network requests outside the intended sandbox environment.

Technical Details
CVE-2025-66479 arises from a flaw in the network sandboxing logic of Anthropic Sandbox Runtime versions prior to 0.0.16. Specifically, if the sandbox policy *did not* explicitly configure any allowed domains, the sandbox runtime would fail to properly enforce the network sandbox. This meant that any network requests made by the sandboxed code would not be…

Overview
CVE-2025-66237 details a significant security vulnerability affecting DCIM dcTrack platforms. The vulnerability stems from the use of default and hard-coded credentials for accessing the platform. Successful exploitation of this vulnerability could allow attackers to administer the database, escalate privileges within the platform, and even execute system commands on the host operating system.

Technical Details
The DCIM dcTrack platforms are susceptible to exploitation due to the presence of easily discoverable, default, and hard-coded credentials. These credentials, if unchanged from the default configuration, provide unauthorized access to critical components of the platform. An attacker who obtains these credentials can leverage them…

Overview
A high-severity Stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-65959, has been discovered in Open WebUI, a self-hosted artificial intelligence platform designed for offline operation. This vulnerability affects versions prior to 0.6.37. The flaw resides in the Notes PDF download functionality, allowing attackers to inject malicious JavaScript code that can be executed when a victim downloads a crafted note as a PDF. Successful exploitation can lead to session token theft, potentially granting attackers unauthorized access to user accounts, including administrative accounts.

Technical Details
The vulnerability stems from insufficient sanitization of Markdown content imported into Open WebUI's Notes feature. An…

Overview
CVE-2025-63896 describes a security vulnerability found in the Bluetooth Human Interface Device (HID) functionality of the JXL 9 Inch Car Android Double Din Player running Android v12.0. This flaw allows a remote attacker to inject arbitrary keystrokes into the device via a spoofed Bluetooth HID device. This can potentially lead to unauthorized access, data manipulation, or other malicious activities within the Android system.

Technical Details
The vulnerability stems from insufficient validation of the Bluetooth HID connection and data received by the JXL Android player. An attacker within Bluetooth range can impersonate a legitimate Bluetooth HID device (such as a…

Overview
CVE-2025-55948 identifies a significant vulnerability within the role-based access control (RBAC) implementation of yzcheng90's X-SpringBoot 6.0 framework. This flaw allows attackers to bypass intended authorization controls, potentially leading to privileged operations and data breaches.

Technical Details
The vulnerability stems from a fundamental design weakness where the frontend menu system and backend permission tables are not atomically synchronized. Specifically, updates to the frontend (e.g., revoking a user's privilege, which removes a menu option) do not immediately propagate to the backend permission table. This desynchronization creates a window of opportunity for attackers. Even though a user's access is restricted through the web…

Overview
A critical authentication bypass vulnerability, identified as CVE-2025-27935, has been discovered in the OTP Integration Kit for PingFederate. This flaw allows attackers to bypass multi-factor authentication (MFA) by manipulating the authentication state. Specifically, the server incorrectly advances the authentication process without properly validating the One-Time Password (OTP).

Technical Details
The vulnerability stems from a failure to properly enforce HTTP method validation and state validation within the OTP Integration Kit. An attacker can exploit this by sending crafted requests that circumvent the OTP verification step. By manipulating the request flow, the server incorrectly assumes successful OTP validation and proceeds to…