CVE-2025-40673 – DinoRANK Unauthorized Invoice Access

May 28, 2025

CVE ID : CVE-2025-40673

Published : May 28, 2025, 11:15 a.m. | 20 minutes ago

Description : A Missing Authorization vulnerability has been found in DinoRANK. This
vulnerability allows an attacker to access invoices of any user via
accessing endpoint ‘/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf’ because there
is no access control. The pdf filename can be obtained via OSINT,
insecure network traffic or brute force.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleRilasciato Archinstall 3.0.7: Il programma di installazione guidata di Arch Linux supporta le istantanee Btrfs

Next Article CVE-2025-5295 – FreeFloat FTP Server Buffer Overflow Vulnerability

Highlights

CVE-2025-5608 – Tenda AC18 Buffer Overflow Vulnerability

June 4, 2025

CVE ID : CVE-2025-5608

Published : June 4, 2025, 8:15 p.m. | 3 hours, 22 minutes ago

Description : A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

What You Need to Know About CSS Color Interpolation

Why browsers throttle JavaScript timers (and what to do about it)

Why browsers throttle JavaScript timers (and what to do about it)

How to create Google Gemini AI component in Total.js Flow

Drupal 11’s AI Features: What They Actually Mean for Your Team

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

CVE-2025-40673 – DinoRANK Unauthorized Invoice Access

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

CVE-2025-54655 – VMware Virtualization Graphics Module Race Condition Vulnerability

Thanks to Xbox’s price hike, the Series S is now more expensive than the PS5

GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them

Top 15+ Most Affordable Proxy Providers 2025

CVE-2025-5608 – Tenda AC18 Buffer Overflow Vulnerability

CVE-2025-47753 – V-SFT SFT Edit Out-of-Bounds Read

CVE-2025-32970 – XWiki Open Redirect Vulnerability

CVE-2025-53314 – Sh1zen WP Optimizer CSRF-Enabled SQL Injection

CVE-2025-40673 – DinoRANK Unauthorized Invoice Access

Related Posts