CVE-2025-5136 – Tmall Payment Identifier Handler Insecure Randomness Remote Vulnerability

May 24, 2025

CVE ID : CVE-2025-5136

Published : May 25, 2025, 12:15 a.m. | 39 minutes ago

Description : A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5137 – DedeCMS Distant Code Injection Vulnerability

Next Article CVE-2025-5135 – Tmall Demo Cross-Site Scripting Vulnerability

Highlights

CVE-2025-6568 – TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow

June 24, 2025

CVE ID : CVE-2025-6568

Published : June 24, 2025, 3:15 p.m. | 3 hours, 38 minutes ago

Description : A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Optimizing PWAs For Different Display Modes

Node.js Web App Development Costs: A 2025 Executive Pricing Guide

Google locking down Android security with upcoming developer verification requirements for sideloaded apps

Microsoft donates DocumentDB to the Linux Foundation

Google can translate your voice in real time now – try it free

The one-click Linux app I use for instant online anonymity

You can try Android 16’s new lock screen widgets – if you have one of these phones

Apple’s iPhone 17 event launch date is official – here’s everything we expect

Password Strength Estimator Validation in Laravel

Password Strength Estimator Validation in Laravel

Laravel’s Enhanced String Validation with Inverse Methods

Using SQLite in production with Laravel

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Why Final Fantasy XIV fans are review‑bombing the game on Steam

Google Chrome VPN under fire for secretly screenshotting users’ browsing habits

CVE-2025-5136 – Tmall Payment Identifier Handler Insecure Randomness Remote Vulnerability

Yemen Cyber Army hacker jailed after stealing millions of people’s data

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

CVE-2025-53752 – Apache HTTP Server Unvalidated User Input

Google Quietly Tests Opal, a “Vibe-Coding” App That Turns Text into Mini Web Apps

nsupdate.info – software used to implement a free dynamic DNS service

CVE-2025-53770 – Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2025-6568 – TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow

CVE-2025-48057 – Icinga 2 OpenSSL Certificate Validation Bypass

Model Context Protocol (MCP) vs Function Calling: A Deep Dive into AI Integration Architectures

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

CVE-2025-5136 – Tmall Payment Identifier Handler Insecure Randomness Remote Vulnerability

Related Posts