CVE-2025-5510 – Shiyi-Blog Remote Server-Side Request Forgery (SSRF) Vulnerability

June 3, 2025

CVE ID : CVE-2025-5510

Published : June 3, 2025, 5:15 p.m. | 2 hours, 15 minutes ago

Description : A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-30360 – Webpack-dev-server Cross-site WebSocket Hijacking Vulnerability

Next Article CVE-2025-5511 – “Quequnlong Shiyi-Blog Remote Unauthorized File Access Vulnerability”

Highlights

CVE-2025-0072 – Arm Ltd Valhall GPU Kernel Driver After Free Vulnerability

May 2, 2025

CVE ID : CVE-2025-0072

Published : May 2, 2025, 10:15 a.m. | 2 hours, 58 minutes ago

Description : Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.

This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-5510 – Shiyi-Blog Remote Server-Side Request Forgery (SSRF) Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Millions of Windows XP disks secretly included Microsoft’s failed search assistant to keep pirates at bay — “Bob was actually more useful dead than alive”

Juan Cardona Leads Data Innovation Across Latin America

Understanding Input Selectivity in Mamba

CVE-2023-53140 – “Linux Kernel SCSI Core /proc/scsi Directory Removal Vulnerability”

CVE-2025-0072 – Arm Ltd Valhall GPU Kernel Driver After Free Vulnerability

How to show app labels in the Taskbar for Windows 11

Kritieke kwetsbaarheid in Wing FTP Server actief misbruikt bij aanvallen

CVE-2025-49442 – Mostafa Shahiri Simple Nested Menu Cross-Site Scripting

CVE-2025-5510 – Shiyi-Blog Remote Server-Side Request Forgery (SSRF) Vulnerability

Related Posts