CVE-2025-48127 – “App Cheap Push Notification Authorization Bypass”

May 16, 2025

CVE ID : CVE-2025-48127

Published : May 16, 2025, 4:15 p.m. | 47 minutes ago

Description : Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through 2.0.3.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48120 – MapSVG Lite Code Injection Vulnerability

Next Article CVE-2025-48131 – Elementor Lite Cross-Site Scripting Vulnerability

Highlights

CVE-2025-43847 – VITS Voice Changing Framework Remote Code Execution

May 5, 2025

CVE ID : CVE-2025-43847

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to the extract_small_model function in process_ckpt.py, which uses it to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Building a culture that will drive platform engineering success

Gartner: More than 40% of agentic AI projects will be canceled in the next few years

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

“Using AI is no longer optional” — Did Microsoft just make Copilot mandatory for its staff as a critical performance metric?

June report 2025

June report 2025

Make your JS functions smarter and cleaner with default parameters

Best Home Interiors in Hyderabad – Top Designers & Affordable Packages

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

CVE-2025-48127 – “App Cheap Push Notification Authorization Bypass”

CVE-2025-6554 Actively Exploited Google Chrome Zeroday

Cyber Brief 25-07 – June 2025

RoboCat: A self-improving robotic agent

CVE-2025-6676 – Drupal Simple XML Sitemap Cross-Site Scripting (XSS)

CVE-2025-39355 – FAT Services Booking SQL Injection

Empowering YouTube creators with generative AI

CVE-2025-43847 – VITS Voice Changing Framework Remote Code Execution

CVE-2025-5755 – SourceCodester Open Source Clinic Management System SQL Injection

ALPHAONE: A Universal Test-Time Framework for Modulating Reasoning in AI Models

How climate tech startups are building foundation models with Amazon SageMaker HyperPod

CVE-2025-48127 – “App Cheap Push Notification Authorization Bypass”

Related Posts