CVE-2025-5509 – Quequnlong Shiyi-Blog Remote Path Traversal Vulnerability

June 3, 2025

CVE ID : CVE-2025-5509

Published : June 3, 2025, 4:15 p.m. | 3 hours, 15 minutes ago

Description : A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-23107 – Samsung Exynos Out-of-Bounds Write Vulnerability

Next Article CVE-2025-5508 – TOTOLINK A3002RU Cross-Site Scripting Vulnerability

Highlights

CVE-2025-4473 – WordPress Frontend Dashboard Plugin Privilege Escalation Vulnerability

May 13, 2025

CVE ID : CVE-2025-4473

Published : May 13, 2025, 7:15 a.m. | 1 hour, 23 minutes ago

Description : The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends outgoing emails. By pointing SMTP to their own server, attackers could capture password reset emails intended for administrators, and elevate their privileges for full site takeover.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

Multiple reports suggest a Persona 4 Remake from Atlus will be announced during the Xbox Games Showcase

TC39 advances numerous proposals at latest meeting

TC39 advances numerous proposals at latest meeting

TypeBridge – zero ceremony, compile time rpc for client and server com

Simplify Cloud-Native Development with Quarkus Extensions

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

CVE-2025-5509 – Quequnlong Shiyi-Blog Remote Path Traversal Vulnerability

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

CVE-2025-4318 Critical RCE in AWS Amplify Codegen UI

Your AirPods might (finally) get Live-translate, according to a new report

Your SaaS Data Isn’t Safe: Why Traditional DLP Solutions Fail in the Browser Era

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

RogueGPT: Unveiling the Ethical Risks of Customizing ChatGPT

CVE-2025-4473 – WordPress Frontend Dashboard Plugin Privilege Escalation Vulnerability

SideWinder APT Group Targets Maritime Facilities in Possible Espionage Campaign

MMORPG Dune: Awakening finally gets release date and preorder info, but not for Xbox

Beware of fake AI tools masking very real malware threats

CVE-2025-5509 – Quequnlong Shiyi-Blog Remote Path Traversal Vulnerability

Related Posts