CVE-2025-32011 – KUNBUS PiCtory Authentication Bypass Vulnerability

May 1, 2025

CVE ID : CVE-2025-32011

Published : May 1, 2025, 7:15 p.m. | 53 minutes ago

Description : KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-24522 – KUNBUS Revolution Pi Node-RED Remote Command Execution

Next Article CVE-2025-35975 – MicroDicom DICOM Viewer Out-of-Bounds Write RCE

Highlights

CVE-2025-7327 – Google Reviews for WordPress Directory Traversal Vulnerability

July 8, 2025

CVE ID : CVE-2025-7327

Published : July 8, 2025, 6:15 a.m. | 36 minutes ago

Description : The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

With KB5055518, Windows 10 finally fixes a basic File Explorer issue

April 9, 2025

CVE-2025-2764 – CarlinKit CPC200-CCPA Update.cgi Cryptographic Signature Verification Bypass Code Execution Vulnerability

April 23, 2025

Borderlands 4 dev says it’s getting this beloved feature late — here’s why it won’t be at launch

June 24, 2025

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

Unplugging these 7 common household devices helped reduce my electricity bills

DistroWatch Weekly, Issue 1133

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

DistroWatch Weekly, Issue 1133

DistroWatch Weekly, Issue 1133

Newelle, a ‘Virtual Assistant’ for GNOME, Hits Version 1.0

Bustle – visualize D-Bus activity

CVE-2025-32011 – KUNBUS PiCtory Authentication Bypass Vulnerability

CVE-2025-6754 – “WordPress SEO Metrics Privilege Escalation”

CVE-2025-7710 – “Brave Conversion Engine WordPress Facebook Authentication Bypass”

This month in security with Tony Anscombe – June 2025 edition

From Data to Drama

CVE-2025-46173 – Code-Projects Online Exam Mastering System Cross Site Scripting (XSS)

CVE-2025-5169 – Assimp MDLImporter Out-of-Bounds Read Vulnerability

CVE-2025-7327 – Google Reviews for WordPress Directory Traversal Vulnerability

With KB5055518, Windows 10 finally fixes a basic File Explorer issue

CVE-2025-2764 – CarlinKit CPC200-CCPA Update.cgi Cryptographic Signature Verification Bypass Code Execution Vulnerability

Borderlands 4 dev says it’s getting this beloved feature late — here’s why it won’t be at launch

CVE-2025-32011 – KUNBUS PiCtory Authentication Bypass Vulnerability

Related Posts