CVE-2025-39498 – Spotlight Spotlight Social Media Feeds (Premium) Sensitive Data Injection

May 26, 2025

CVE ID : CVE-2025-39498

Published : May 26, 2025, 2:15 p.m. | 2 hours, 42 minutes ago

Description : Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight – Social Media Feeds (Premium) allows Retrieve Embedded Sensitive Data.This issue affects Spotlight – Social Media Feeds (Premium): from n/a through 1.7.1.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46804 – Screen Information Disclosure Vulnerability

Next Article CVE-2025-40663 – i2A Cronos Stored XSS

Highlights

CVE-2025-2773 – BEC Technologies Multiple Routers TCP Port 22 Command Injection Remote Code Execution Vulnerability

April 23, 2025

CVE ID : CVE-2025-2773

Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago

Description : BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the management interface, which listens on TCP port 22 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-25903.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2025-39498 – Spotlight Spotlight Social Media Feeds (Premium) Sensitive Data Injection

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)

CVE-2025-44091 – Yangyouwang Crud XSS

nsupdate.info – software used to implement a free dynamic DNS service

CVE-2025-37888 – Intel Mellanox Linux Null Pointer Dereference Vulnerability

CVE-2025-2773 – BEC Technologies Multiple Routers TCP Port 22 Command Injection Remote Code Execution Vulnerability

CVE-2025-20129 – Cisco Customer Collaboration Platform (CCP) HTTP Request Manipulation Vulnerability

CVE-2025-7535 – Campcodes Sales and Inventory System SQL Injection Vulnerability

CVE-2025-52979 – Apache HTTP Server Cross-Site Request Forgery

CVE-2025-39498 – Spotlight Spotlight Social Media Feeds (Premium) Sensitive Data Injection

Related Posts