CVE-2025-46653 – Formidable File Name Guessing Vulnerability

April 26, 2025

CVE ID : CVE-2025-46653

Published : April 26, 2025, 9:15 p.m. | 1 hour, 48 minutes ago

Description : Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not “cryptographically secure.” (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46654 – CodiMD through 2.2.0 has a CSP-based protection me

Next Article Critical Commvault Flaw Rated 10/10: CSA Urges Immediate Patching

Highlights

CVE-2025-7089 – Belkin F9K1122 Web Component Stack-Based Buffer Overflow Vulnerability

July 7, 2025

CVE ID : CVE-2025-7089

Published : July 6, 2025, 7:15 p.m. | 9 hours, 44 minutes ago

Description : A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. This issue affects the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component webs. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

Is Lenovo’s refreshed LOQ tower enough to compete? New OLED monitors raise the stakes at IFA 2025

External Forces Reshaping Financial Services in 2025 and Beyond

External Forces Reshaping Financial Services in 2025 and Beyond

Why It’s Time to Move from SharePoint On-Premises to SharePoint Online

Apple’s Big Move: The Future of Mobile

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

CVE-2025-46653 – Formidable File Name Guessing Vulnerability

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

Building an Advanced Portfolio Analysis and Market Intelligence Tool with OpenBB

Windows 11 KB5055627 update makes File Explorer more fluid

Critical RCE in MCP Inspector Exposes AI Devs to Web-Based Exploits (CVE-2025-49596)

Reduce ML training costs with Amazon SageMaker HyperPod

CVE-2025-7089 – Belkin F9K1122 Web Component Stack-Based Buffer Overflow Vulnerability

CVE-2025-1301 – Yordam Informatics Library Automation System Reflected Cross-site Scripting Vulnerability

CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing

CVE-2025-27526 – Apache InLong Deserialization of Untrusted Data JDBC Vulnerability

CVE-2025-46653 – Formidable File Name Guessing Vulnerability

Related Posts