Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

February 12, 2025

Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild.
Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge

Source: Read More

Previous ArticleNorth Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack

Next Article West London Council Faces 20,000 Cyberattack Attempts Every Day Amid Growing Threats

Highlights

CVE-2025-35939 – Craft CMS Unauthenticated Session File Injection Vulnerability

May 7, 2025

CVE ID : CVE-2025-35939

Published : May 7, 2025, 11:15 p.m. | 20 minutes ago

Description : Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at `/var/lib/php/sessions`. Such session files are named `sess_[session_value]`, where `[session_value]` is provided to the client in a `Set-Cookie` response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

How Red Hat just quietly, radically transformed enterprise server Linux

OpenAI wants ChatGPT to be your ‘super assistant’ – what that means

The best Linux VPNs of 2025: Expert tested and reviewed

One of my favorite gaming PCs is 60% off right now

`document.currentScript` is more useful than I thought.

`document.currentScript` is more useful than I thought.

Adobe Sensei and GenAI in Practice for Enterprise CMS

Over The Air Updates for React Native Apps

You can now open ChatGPT on Windows 11 with Win+C (if you change the Settings)

You can now open ChatGPT on Windows 11 with Win+C (if you change the Settings)

Microsoft says Copilot can use location to change Outlook’s UI on Android

TempoMail — Command Line Temporary Email in Linux

Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

A Beginner’s Guide to Graphs — From Google Maps to Chessboards

How to Code Linked Lists with TypeScript: A Handbook for Developers

Meta’s ‘Pay or Consent’ Approach Faces E.U. Competition Rules Scrutiny

Rilasciato Blender 4.4: Prestazioni Ottimizzate con Vulkan e Altre Novità

Elevate Your Python AI Projects with MongoDB and Haystack

Microsoft Announces Mandatory MFA for Azure Sign-ins to Bolster Cloud Defenses

CVE-2025-35939 – Craft CMS Unauthenticated Session File Injection Vulnerability

Perplexity is the AI tool Google wishes Gemini could be

CVE-2025-4561 – KingFor KFOX Arbitrary File Upload Vulnerability

Conversion Rate Optimization: Maximizing Results with Data-Driven Strategies

Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

Related Posts