CVE-2025-40635 – Comerzzia Backoffice: Sales Orchestrator SQL Injection Vulnerability

May 20, 2025

CVE ID : CVE-2025-40635

Published : May 20, 2025, 1:15 p.m. | 1 hour, 34 minutes ago

Description : SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4978 – Netgear DGND3700 Basic Authentication Remote Authentication Bypass Vulnerability

Next Article CVE-2025-41229 – VMware Cloud Foundation Directory Traversal Vulnerability

Highlights

CVE-2025-4883 – D-Link DI-8100 ASP Context Buffer Overflow

May 18, 2025

CVE ID : CVE-2025-4883

Published : May 18, 2025, 3:15 p.m. | 9 hours, 9 minutes ago

Description : A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been declared as critical. This vulnerability affects the function ctxz_asp of the file /ctxz.asp of the component Connection Limit Page. The manipulation of the argument def/defTcp/defUdp/defIcmp/defOther leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

The best smart glasses unveiled at I/O 2025 weren’t made by Google

Google’s upcoming AI smart glasses may finally convince me to switch to a pair full-time

I tried Samsung’s Project Moohan XR headset at I/O 2025 – and couldn’t help but smile

Is Google’s $250-per-month AI subscription plan worth it? Here’s what’s included

IOT and API Integration With MuleSoft: The Road to Seamless Connectivity

IOT and API Integration With MuleSoft: The Road to Seamless Connectivity

Celebrating GAAD by Committing to Universal Design: Low Physical Effort

Celebrating GAAD by Committing to Universal Design: Flexibility in Use

Microsoft open-sources Windows Subsystem for Linux at Build 2025

Microsoft open-sources Windows Subsystem for Linux at Build 2025

Microsoft Brings Grok 3 AI to Azure with Guardrails and Enterprise Controls

You won’t have to pay a fee to publish apps to Microsoft Store

CVE-2025-40635 – Comerzzia Backoffice: Sales Orchestrator SQL Injection Vulnerability

Dutch Espionage Law Update 2025: Cyber Offenses Now Punishable by Up to 12 Years

Millions of Node.js Apps at Risk Due to Critical Multer Vulnerabilities

CVE-2025-47655 – themarketer2023 CSRF Stored XSS Vulnerability

How to Use AI for Development Assistance in Google Chrome

CTEM in the Spotlight: How Gartner’s New Categories Help to Manage Exposures

CVE-2025-4142 – Netgear EX6200 Remote Buffer Overflow Vulnerability

CVE-2025-4883 – D-Link DI-8100 ASP Context Buffer Overflow

Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

j-DataGrid – Total.js UI component part 2

LWiAI Podcast #198 – DeepSeek R1 & Janus, Qwen2.5, OpenAI Agents

CVE-2025-40635 – Comerzzia Backoffice: Sales Orchestrator SQL Injection Vulnerability

Related Posts