CVE-2025-48782 – Soar Cloud HRD File Upload Command Execution Vulnerability

June 6, 2025

CVE ID : CVE-2025-48782

Published : June 6, 2025, 10:15 a.m. | 1 hour, 34 minutes ago

Description : An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48783 – Soar Cloud HRD Human Resource Management System File Path Traversal Vulnerability

Next Article CVE-2025-48781 – Soar Cloud HRD Human Resource Management System File Path Traversal Vulnerability

Highlights

CVE-2025-37813 – Etron USB XHCI Invalid Pointer Dereference Vulnerability

May 8, 2025

CVE ID : CVE-2025-37813

Published : May 8, 2025, 7:15 a.m. | 58 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Fix invalid pointer dereference in Etron workaround

This check is performed before prepare_transfer() and prepare_ring(), so
enqueue can already point at the final link TRB of a segment. And indeed
it will, some 0.4% of times this code is called.

Then enqueue + 1 is an invalid pointer. It will crash the kernel right
away or load some junk which may look like a link TRB and cause the real
link TRB to be replaced with a NOOP. This wouldn’t end well.

Use a functionally equivalent test which doesn’t dereference the pointer
and always gives correct result.

Something has crashed my machine twice in recent days while playing with
an Etron HC, and a control transfer stress test ran for confirmation has
just crashed it again. The same test passes with this patch applied.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-53368 – Citizen MediaWiki XSS Injection Vulnerability

July 3, 2025

Build the ultimate Surface Pro 12-inch with these new accessories

May 10, 2025

Alibaba Introduces Group Sequence Policy Optimization (GSPO): An Efficient Reinforcement Learning Algorithm that Powers the Qwen3 Models

August 7, 2025

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

Is Lenovo’s refreshed LOQ tower enough to compete? New OLED monitors raise the stakes at IFA 2025

External Forces Reshaping Financial Services in 2025 and Beyond

External Forces Reshaping Financial Services in 2025 and Beyond

Why It’s Time to Move from SharePoint On-Premises to SharePoint Online

Apple’s Big Move: The Future of Mobile

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

CVE-2025-48782 – Soar Cloud HRD File Upload Command Execution Vulnerability

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

CVE-2025-53910 – Mattermost Confluence Plugin Authentication Bypass

Rufus 4.8 speeds up Windows ISO handling with major wimlib upgrade

Linux Networking: Mastering VLAN Trunking, Bonding, and QoS for High-Performance Systems

Supercharge generative AI workflows with NVIDIA DGX Cloud on AWS and Amazon Bedrock Custom Model Import

CVE-2025-37813 – Etron USB XHCI Invalid Pointer Dereference Vulnerability

CVE-2025-53368 – Citizen MediaWiki XSS Injection Vulnerability

Build the ultimate Surface Pro 12-inch with these new accessories

Alibaba Introduces Group Sequence Policy Optimization (GSPO): An Efficient Reinforcement Learning Algorithm that Powers the Qwen3 Models

CVE-2025-48782 – Soar Cloud HRD File Upload Command Execution Vulnerability

Related Posts