Overview A significant security vulnerability, identified as CVE-2025-13292, was recently discovered in Apigee-X. This flaw allowed a malicious actor to potentially gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations. This could have severe implications for data privacy and security. Technical Details CVE-2025-13292 stemmed … Read more
Overview CVE-2025-12505 is a medium-severity vulnerability affecting the weDocs plugin for WordPress, specifically versions up to and including 2.1.14. This vulnerability allows authenticated attackers with Subscriber-level access or higher to modify global plugin settings without proper authorization. The flaw resides in the inadequate permission checks within the create_item_permissions_check function, enabling unauthorized access and potential misuse … Read more
Overview A critical security vulnerability, identified as CVE-2025-12510, has been discovered in the “Widgets for Google Reviews” WordPress plugin. This vulnerability is a Stored Cross-Site Scripting (XSS) flaw affecting all versions up to and including 13.2.4. This allows unauthenticated attackers to inject malicious JavaScript code into the admin panel and potentially the frontend of affected … Read more
Overview CVE-2025-11263 identifies a reflected Cross-Site Scripting (XSS) vulnerability found in the Link Whisper Free plugin for WordPress. This vulnerability affects all versions up to and including version 0.8.8. It allows unauthenticated attackers to inject arbitrary web scripts into pages if they can successfully trick a user into clicking a specially crafted link. The vulnerability … Read more
Overview CVE-2025-66629 identifies a Cross-Site Request Forgery (CSRF) vulnerability affecting HedgeDoc, an open-source, real-time collaborative markdown notes application. Specifically, certain OAuth2 endpoints responsible for social login via providers like Google, GitHub, GitLab, Facebook, and Dropbox lacked proper CSRF protection. This flaw existed in versions prior to 1.10.4. By not implementing a “state” parameter and verifying … Read more
Overview A critical vulnerability, identified as CVE-2025-34291, has been discovered in Langflow, an AI agent workflow platform. This chained vulnerability affects versions up to and including 1.6.9, potentially allowing attackers to gain full control of affected systems through account takeover and remote code execution (RCE). Technical Details The vulnerability stems from a combination of two … Read more
Overview A Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2025-14116, has been discovered in Yuxi-Know up to version 0.4.0. This vulnerability allows a remote attacker to potentially manipulate the server into making unintended requests, potentially exposing sensitive internal resources or interacting with external systems on the attacker’s behalf. The vulnerability resides within the OtherEmbedding.aencode function … Read more
Published: 2025-12-05T23:15:46.643 Overview A security vulnerability, identified as CVE-2025-14111, has been discovered in RAR for Android, specifically affecting versions up to 7.11 Build 127. This vulnerability allows for path traversal, potentially enabling attackers to access or manipulate files outside of the intended application directory. It’s crucial to update your RAR for Android application to version … Read more
Overview CVE-2025-14108 describes a critical command injection vulnerability found in ZSPACE Q2C NAS devices up to version 1.1.0210050. This flaw allows a remote attacker to execute arbitrary commands on the affected system. The vendor was notified but has not responded to the disclosure, making prompt mitigation crucial for users of these devices. Technical Details The … Read more
Overview A high-severity command injection vulnerability, identified as CVE-2025-14107, has been discovered in ZSPACE Q2C NAS devices up to version 1.1.0210050. This flaw allows remote attackers to execute arbitrary commands on the affected system. The vulnerability resides within the zfilev2_api.SafeStatus function of the /v2/file/safe/status endpoint, specifically through manipulation of the safe_dir argument via an HTTP … Read more