Overview CVE-2025-66576 details a significant security vulnerability found in Remote Keyboard Desktop version 1.0.1. This flaw allows remote attackers to execute arbitrary system commands without authentication. The vulnerability stems from the improper handling of the rundll32.exe exported function export, enabling unauthenticated code execution. This poses a severe risk to systems running the vulnerable software. Technical Details The vulnerability in Remote Keyboard Desktop 1.0.1 arises from the way the application handles commands passed to the rundll32.exe utility. Specifically, the exported function export does not properly validate or sanitize input, allowing an attacker to inject malicious commands that will be executed with…

Overview CVE-2025-66575 details a critical security vulnerability affecting VeeVPN version 1.6.1. This unquoted service path vulnerability within the VeePNService allows remote attackers to potentially execute arbitrary code with elevated (LocalSystem) privileges. This exploit can be triggered during system startup or reboot, posing a significant risk to affected systems. Technical Details The vulnerability stems from the way Windows services are started. If the path to the executable for a service contains spaces and is not enclosed in quotes, Windows may attempt to execute parts of the path as separate executables. An attacker can exploit this by placing a malicious executable in…

Overview A cross-site scripting (XSS) vulnerability, identified as CVE-2025-66574, has been discovered in TranzAxis version 3.2.41.10.26. This flaw allows authenticated users to inject malicious scripts via the `Open Object in Tree` endpoint. Successful exploitation could lead to session cookie theft and potential privilege escalation, posing a significant risk to affected systems. Technical Details The vulnerability lies within the `Open Object in Tree` endpoint. Specifically, the application fails to properly sanitize user-supplied input before rendering it within the application’s context. An attacker, having valid user credentials, can inject arbitrary JavaScript code into the system. This code will then be executed in…

Overview CVE-2025-66573 is a critical vulnerability identified in the Solstice Pod API, specifically affecting versions 5.5 and 6.2. This flaw stems from an unauthenticated API endpoint (`/api/config`) that inadvertently exposes sensitive information. This information includes the session key, server version, product details, and the display name of the Solstice Pod. The lack of authentication on this endpoint allows unauthorized users to access and extract live session information, potentially leading to various security risks. Technical Details The vulnerability resides in the `/api/config` endpoint of the Solstice Pod API. This endpoint, designed to provide configuration details, lacks proper authentication mechanisms in versions…

Overview A critical security vulnerability, identified as CVE-2025-66572, has been discovered in Loaded Commerce version 6.6. This vulnerability is a client-side template injection (CSTI) flaw that allows unauthenticated attackers to execute arbitrary code on the server. The vulnerability is triggered through the search parameter, making exploitation relatively straightforward. Technical Details Loaded Commerce 6.6 is susceptible to client-side template injection due to insufficient sanitization of user-supplied input within the search functionality. An attacker can inject malicious code into the search parameter, which, when processed by the server-side templating engine, results in code execution. Specifically, the unauthenticated attacker can inject template language…

Overview A critical PHP Object Injection vulnerability, identified as CVE-2025-66571, has been discovered in UNA CMS. This vulnerability affects versions 9.0.0-RC1 through 14.0.0-RC4. The flaw resides in the BxBaseMenuSetAclLevel.php file and stems from the improper handling of the profile_id POST parameter, which is passed to the unserialize() function without sufficient sanitization. This allows remote, unauthenticated attackers to inject arbitrary PHP objects, potentially leading to arbitrary PHP code execution on the affected server. Technical Details The core of the vulnerability lies in the BxBaseMenuSetAclLevel.php file. The script directly uses user-supplied input (the profile_id POST parameter) in the unserialize() function without prior…

Published: 2025-12-04T21:16:09.573 Overview This article details a critical security vulnerability, CVE-2025-66555, discovered in version 1.0.5 of the AirKeyboard iOS application. This vulnerability allows an unauthenticated attacker to inject arbitrary keystrokes directly into a victim’s iOS device in real-time, without any user interaction. This effectively grants the attacker full remote input control over the device. Technical Details CVE-2025-66555 stems from a missing authentication mechanism in the AirKeyboard app. The application, intended to allow users to control their computer via their iOS device, fails to properly authenticate incoming connections. This lack of authentication allows any attacker on the same network, or potentially…

Overview This article discusses CVE-2025-66479, a vulnerability discovered in Anthropic Sandbox Runtime, a lightweight tool designed to enforce filesystem and network restrictions on processes. This vulnerability allows sandboxed code to potentially bypass network restrictions, enabling unauthorized network requests outside the intended sandbox environment. Technical Details CVE-2025-66479 arises from a flaw in the network sandboxing logic of Anthropic Sandbox Runtime versions prior to 0.0.16. Specifically, if the sandbox policy *did not* explicitly configure any allowed domains, the sandbox runtime would fail to properly enforce the network sandbox. This meant that any network requests made by the sandboxed code would not be…

Overview CVE-2025-66237 details a significant security vulnerability affecting DCIM dcTrack platforms. The vulnerability stems from the use of default and hard-coded credentials for accessing the platform. Successful exploitation of this vulnerability could allow attackers to administer the database, escalate privileges within the platform, and even execute system commands on the host operating system. Technical Details The DCIM dcTrack platforms are susceptible to exploitation due to the presence of easily discoverable, default, and hard-coded credentials. These credentials, if unchanged from the default configuration, provide unauthorized access to critical components of the platform. An attacker who obtains these credentials can leverage them…

Overview A high-severity Stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-65959, has been discovered in Open WebUI, a self-hosted artificial intelligence platform designed for offline operation. This vulnerability affects versions prior to 0.6.37. The flaw resides in the Notes PDF download functionality, allowing attackers to inject malicious JavaScript code that can be executed when a victim downloads a crafted note as a PDF. Successful exploitation can lead to session token theft, potentially granting attackers unauthorized access to user accounts, including administrative accounts. Technical Details The vulnerability stems from insufficient sanitization of Markdown content imported into Open WebUI’s Notes feature. An…