CVE-2022-45125 – Apache HTTP Server Authentication Bypass

May 28, 2025

CVE ID : CVE-2022-45125

Published : May 28, 2025, 7:15 p.m. | 2 hours, 13 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2022-46729 – Apache Struts Deserialization Vulnerability

Next Article CVE-2022-45120 – Apache Struts Cross-Site Scripting Vulnerability

Highlights

CVE-2025-43856 – Immich OAuth2 CSRF Account Hijacking Vulnerability

July 11, 2025

CVE ID : CVE-2025-43856

Published : July 11, 2025, 5:15 p.m. | 3 hours, 50 minutes ago

Description : immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is similar to a csrf token, so when the user starts the login flow this unpredictable token is generated and somehow saved in the browser session and passed to the identity provider, which will return the state parameter when redirecting the user back to immich. Before the user is logged in that parameter needs to be verified to make sure the login was actively initiated by the user in this browser session. On it’s own, this wouldn’t be too bad, but when immich uses the /user-settings page as a redirect_uri, it will automatically link the accounts if the user was already logged in. This means that if someone has an immich instance with a public oauth provider (like google), an attacker can – for example – embed a hidden iframe in a webpage or even just send the victim a forged oauth login url with a code that logs the victim into the attackers oauth account and redirects back to immich and links the accounts. After this, the attacker can log into the victims account using their own oauth credentials. This vulnerability is fixed in 1.132.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Twilio’s Event Triggered Journeys, OutSystem’s Agent Workbench, and more – Daily News Digest

Harness Infrastructure as Code Management expands with features that facilitate better reusability

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Windows 7 running natively on a Steam Deck is an affront to science — this tinkerer has Microsoft’s OS booting in portrait mode

“Everybody’s jobs will be affected” — but NVIDIA’s CEO believes society can think its way out of AI-related job loss

“A future has been stolen from many of us” — ZeniMax Online Studios devs will reportedly soon be hit by Microsoft’s Xbox layoffs after the MMO Phil Spencer loved was cancelled

The details of TC39’s last meeting

The details of TC39’s last meeting

How Agentic AI is Reshaping Marketing and CX Operations

We’re Moving! NodeSource Distributions Now Have a New Home – With Extended Support

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Windows 7 running natively on a Steam Deck is an affront to science — this tinkerer has Microsoft’s OS booting in portrait mode

“Everybody’s jobs will be affected” — but NVIDIA’s CEO believes society can think its way out of AI-related job loss

CVE-2022-45125 – Apache HTTP Server Authentication Bypass

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

Xbox Cloud Gaming’s “Stream Your Own Game” feature comes to the Xbox PC app — live for Insiders today

muttum – guess a word in few attempts

CVE-2025-7471 – Modern Bag SQL Injection Vulnerability

Blurble is a word guessing game

CVE-2025-43856 – Immich OAuth2 CSRF Account Hijacking Vulnerability

Introducing Gemma 3

CVE-2025-4391 – WordPress Echo RSS Feed Post Generator Arbitrary File Upload Vulnerability

CVE-2022-50232 – Linux Kernel ARM64 UXN Set Vulnerability

CVE-2022-45125 – Apache HTTP Server Authentication Bypass

Related Posts