CVE-2024-55211 – Think Router Tk-Rt-Wr135G Authentication Bypass

April 21, 2025

CVE ID : CVE-2024-55211

Published : April 17, 2025, 6:15 p.m. | 3 days, 18 hours ago

Description : An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32408 – Soffid Console Java Deserialization Remote Code Execution

Next Article CVE-2025-29662 – LandChat Remote Code Execution (RCE)

Highlights

CVE-2025-46565 – Vite File Pattern Denial of Service

May 1, 2025

CVE ID : CVE-2025-46565

Published : May 1, 2025, 6:15 p.m. | 1 hour, 11 minutes ago

Description : Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using –host or server.host config option) are affected. Only files that are under project root and are denied by a file matching pattern can be bypassed. `server.fs.deny` can contain patterns matching against files (by default it includes .env, .env.*, *.{crt,pem} as such patterns). These patterns were able to bypass for files under `root` by using a combination of slash and dot (/.). This issue has been patched in versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

FOSS Weekly #25.15: Clapgrep, APT 3.0, Vibe Coding, AI in Firefox and More

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

AI is currently in its teenage years, battling raging hormones

4 ways your organization can adapt and thrive in the age of AI

Google’s new Search tool turns financial info into interactive charts – how to try it

This rugged Android phone has something I’ve never seen on competing models

Anthropic’s new AI models for classified info are already in use by US gov

Handling PostgreSQL Migrations in Node.js

Handling PostgreSQL Migrations in Node.js

How to Add Product Badges in Optimizely Configured Commerce Spire

Salesforce Health Check Assessment Unlocks ROI

Microsoft: Run PS script now if you deleted “inetpub” on Windows 11, Windows 10

Microsoft: Run PS script now if you deleted “inetpub” on Windows 11, Windows 10

Spf Permerror Troubleshooting Guide For Better Email Deliverability Today

Amap – Gather Info in Easy Way

CVE-2024-55211 – Think Router Tk-Rt-Wr135G Authentication Bypass

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

CISA Alert: Critical Vulnerabilities Found in CyberData SIP Emergency Intercom Devices

The Lost CSS Tricks of Cohost.org

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

Report: Xbox games on PlayStation sales data suggests a very mixed picture

JMeter on AWS: An Introduction to Scalable Load Testing

CVE-2025-46565 – Vite File Pattern Denial of Service

FOSS Weekly #25.15: Clapgrep, APT 3.0, Vibe Coding, AI in Firefox and More

Overlooked Accessibility Features You Should Be Using

Integrate generative AI capabilities into Microsoft Office using Amazon Bedrock

CVE-2024-55211 – Think Router Tk-Rt-Wr135G Authentication Bypass

Related Posts