Spring Security Vulnerability Let Attackers Determine Which Usernames are Valid

April 25, 2025

Spring Security Vulnerability Let Attackers Determine Which Usernames are Valid

A serious vulnerability related to information exposure (CVE-2025-22234) impacts several versions of the spring-security-crypto package.
The flaw enables attackers to determine valid usernames through …

Published Date:
Apr 25, 2025 (2 hours, 22 minutes ago)

Vulnerabilities has been mentioned in this article.

Source: Read More

Previous ArticleCVE-2025-46482 – MyThemeShop WP Quiz Stored Cross-site Scripting Vulnerability

Next Article Google Ends Remote Work for Many: Return to Office or Leave

Highlights

CVE-2025-52880 – Komga EPUB XSS Attack Vector

June 24, 2025

CVE ID : CVE-2025-52880

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attacker perform actions on the victim’s behalf. When targeting an admin user, this can be combined with controlling a server-side command to achieve arbitrary code execution. For this vulnerability to be exploited, a malicious EPUB file has to be present in a Komga library, and subsequently accessed in the Epub reader by an admin user. Version 1.22.0 contains a patch for the issue.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Microsoft wants you to chat with its browser now – but can you trust this Copilot?

I tested the Dell XPS’ successor – here are the biggest upgrades (and what’s the same)

I’m a Linux pro – here are my top 5 command line backup tools for desktops and servers

Should you buy a refurbished iPad? I tried one from Back Market and here’s my verdict

elegantweb/sanitizer

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

Resume PHP

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

New Xbox games launching this week, from July 28 through August 3 — Grounded 2 arrives on Xbox Game Pass

TikTok’s owner forked Microsoft’s Visual Studio Code and concerns have been raised — reports suggest it’s resource heavy and never stops ‘phoning home’

Spring Security Vulnerability Let Attackers Determine Which Usernames are Valid

Spring Security Vulnerability Let Attackers Determine Which Usernames are Valid

Tea Dating Advice app spills sensitive data

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

ChatGPT Spots Cancer Missed by Doctors; Woman Says It Saved Her Life

AI in Healthcare: Transforming Diagnosis, Treatment & Patient Care Excellence🧠

CVE-2025-37990 – “Broadcom brcm80211 WiFi Linux Kernel Uninitialized Variable Use”

SAP NetWeaver 0-day Vulnerability Exploited in the Wild to Deploy Webshells

CVE-2025-52880 – Komga EPUB XSS Attack Vector

Typed Arr Getters Added in Laravel 12.11

openSUSE Leap 16: Bridging Enterprise-Grade Stability with Community-Driven Innovation

I used Lenovo’s latest dual-screen OLED laptop for a month and it wouldn’t be my first choice — here’s why

Spring Security Vulnerability Let Attackers Determine Which Usernames are Valid

Spring Security Vulnerability Let Attackers Determine Which Usernames are Valid

Related Posts