CVE-2025-4338 – Lantronix Device Installer XXE Injection Vulnerability

May 22, 2025

CVE ID : CVE-2025-4338

Published : May 22, 2025, 11:15 p.m. | 1 hour, 35 minutes ago

Description : Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device Installer software or the password hash of the user running the application.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4562 – “Apache HTTP Server Remote Code Execution”

Next Article CVE-2025-48371 – OpenFGA Authorization Bypass Vulnerability

Highlights

CVE-2025-4659 – Salesforce WordPress Plugin Full Path Disclosure Vulnerability

May 30, 2025

CVE ID : CVE-2025-4659

Published : May 30, 2025, 6:15 a.m. | 3 hours, 21 minutes ago

Description : The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft donates DocumentDB to the Linux Foundation

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

ChatGPT is reportedly scraping Google Search data to answer your questions – here’s how

The 10 best early Labor Day deals live now: Save on Apple, Samsung and more

5 rumored Apple iPhone Fold features that have me excited (and frustrated at the same time)

Forget plug-and-play AI: Here’s what successful AI projects do differently

Log Outgoing HTTP Requests with the Laravel Spy Package

Log Outgoing HTTP Requests with the Laravel Spy Package

devdojo/auth

Rust Slices: Cutting Into References the Safe Way

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

8 Best Paid and Free AI Sexting Chat Apps in 2025

Best AI Anime Art Generator: 7 Best to Use [Free & Premium]

CVE-2025-4338 – Lantronix Device Installer XXE Injection Vulnerability

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Buffalo Police Detective Indicted for Attempted Purchases on Genesis Market

CVE-2025-31930 – Schneider Electric Modbus Remote Control Vulnerability

I love MidJourney’s latest AI image generator, but there’s just one catch

lscoltui lets you change the colours of ls

CVE-2025-50201 – WeGIA Web Manager OS Command Injection Vulnerability

CVE-2025-4659 – Salesforce WordPress Plugin Full Path Disclosure Vulnerability

CVE-2025-28168 – Outsystems Unrestricted File Upload Vulnerability

Top 10 new Windows 11 features and changes unveiled via the Insider Program in June 2025 — and where to find them

CVE-2025-32401 – RT-Labs P-Net Heap-based Buffer Overflow

CVE-2025-4338 – Lantronix Device Installer XXE Injection Vulnerability

Related Posts