CVE-2025-5521 – WuKongOpenSource WukongCRM Cross-Site Request Forgery Vulnerability

June 3, 2025

CVE ID : CVE-2025-5521

Published : June 3, 2025, 7:15 p.m. | 15 minutes ago

Description : A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5522 – Jack0240 魏 bskms 蓝天幼儿园管理系统 Unauthenticated Remote Authorization Bypass Vulnerability

Next Article CVE-2025-48998 – DataEase Arbitrary File Deserialization

Highlights

CVE-2025-3801 – Songquanpeng One-Api Cross Site Scripting Vulnerability

April 20, 2025

CVE ID : CVE-2025-3801

Published : April 19, 2025, 2:15 p.m. | 14 hours, 38 minutes ago

Description : A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-5521 – WuKongOpenSource WukongCRM Cross-Site Request Forgery Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Bottles: Un Appello alla Comunità per il Sostegno e la Crescita

CVE-2025-22233 – Spring Framework Disallowed Fields Bypass Vulnerability

CVE-2025-48947 – Auth0 Next.js SDK Cache-Control Header Missing Vulnerability

CVE-2025-47673 – Arconix Shortcodes Cross-site Scripting (XSS)

CVE-2025-3801 – Songquanpeng One-Api Cross Site Scripting Vulnerability

CVE-2025-6333 – PHPGurukul Directory Management System SQL Injection Vulnerability

CVE-2025-7067 – HDF5 Heap-Based Buffer Overflow

CVE-2025-40668 – TCMAN GIM Authentication Bypass

CVE-2025-5521 – WuKongOpenSource WukongCRM Cross-Site Request Forgery Vulnerability

Related Posts