CVE-2025-42602 – Meon KYC Token Manipulation Vulnerability

April 23, 2025

CVE ID : CVE-2025-42602

Published : April 23, 2025, 11:15 a.m. | 3 hours, 43 minutes ago

Description : This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through API request body leading to unauthorized access of other user accounts.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-42603 – Meon KYC Plain Text Data Exposure

Next Article CVE-2025-42601 – Meon KYC Captcha Bypass Vulnerability

Highlights

CVE-2025-48997 – Multer DoS Denial of Service Vulnerability

June 3, 2025

CVE ID : CVE-2025-48997

Published : June 3, 2025, 7:15 p.m. | 15 minutes ago

Description : Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

EcoFlow’s new portable battery stations are lighter and more powerful (DC plug included)

7 ways Linux can save you money

My favorite Kindle tablet just got a kids model, and it makes so much sense

You can turn your Google Photos into video clips now – here’s how

Blade Service Injection: Direct Service Access in Laravel Templates

Blade Service Injection: Direct Service Access in Laravel Templates

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Retrieve the Currently Executing Closure in PHP 8.5

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

How to Open Control Panel in Windows 11

How to Shut Down Windows 11

CVE-2025-42602 – Meon KYC Token Manipulation Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Ubuntu 25.10 Switches to Rust-based sudo

Implementing Account Suspension in Laravel

CVE-2025-53097 – Roo Code Schema Fetching File Read and Write Vulnerability

Xbox is bringing more games to “Stream Your Own Game” for Cloud Gaming — as well as a feature we’ve wanted for years

CVE-2025-48997 – Multer DoS Denial of Service Vulnerability

CVE-2025-48278 – RSVPMarker SQL Injection

CVE-2025-6301 – PHPGurukul Notice Board System Cross-Site Scripting Vulnerability

1Password extends enterprise credential management beyond humans to AI agents

CVE-2025-42602 – Meon KYC Token Manipulation Vulnerability

Related Posts