CVE-2025-4558 – WormHole Tech GPM Unauthenticated Password Change Vulnerability

May 12, 2025

CVE ID : CVE-2025-4558

Published : May 12, 2025, 4:15 a.m. | 4 hours, 17 minutes ago

Description : The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user’s password and use the modified password to log into the system.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3597 – Firelight Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

Next Article Rilasciato Kitty 0.42: Terminale Accelerato da GPU con Accesso Rapido in Stile Quake

Highlights

CVE-2025-48387 – Tar-fs Directory Traversal Vulnerability

June 2, 2025

CVE ID : CVE-2025-48387

Published : June 2, 2025, 8:15 p.m. | 3 hours, 10 minutes ago

Description : tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-4558 – WormHole Tech GPM Unauthenticated Password Change Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

The ethics of advanced AI assistants

Helldivers 2’s Xbox Launch Marks a New Era in Gaming Collaboration

HPE Performance Cluster Manager Vulnerability Allow Remote Attacker to Bypass Authentication

CVE-2025-1731 and CVE-2025-1732 impacts Zyxel Firewalls

CVE-2025-48387 – Tar-fs Directory Traversal Vulnerability

CVE-2025-39405 – Mojoomla WPAMS Privilege Escalation Vulnerability

CVE-2025-4874 – “PHPGurukul News Portal Project SQL Injection Vulnerability”

“Create a replica of this image. Don’t change anything” AI trend takes off

CVE-2025-4558 – WormHole Tech GPM Unauthenticated Password Change Vulnerability

Related Posts