CVE-2025-49296 – Mikado-Themes GrandPrix Path Traversal PHP Local File Inclusion Vulnerability

June 9, 2025

CVE ID : CVE-2025-49296

Published : June 9, 2025, 4:15 p.m. | 25 minutes ago

Description : Path Traversal vulnerability in Mikado-Themes GrandPrix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through 1.6.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49297 – Mikado-Themes Grill and Chow PHP Local File Inclusion Vulnerability

Next Article CVE-2025-49295 – Mikado-Themes MediClinic Path Traversal PHP Local File Inclusion

Highlights

CVE-2025-6656 – PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure

June 25, 2025

CVE ID : CVE-2025-6656

Published : June 25, 2025, 10:15 p.m. | 4 hours, 6 minutes ago

Description : PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26731.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-49296 – Mikado-Themes GrandPrix Path Traversal PHP Local File Inclusion Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

How fraudsters abuse Google Forms to spread scams

Kothay App: The New Sales Tracking & Management Software in a Very Affordable Price

Perplexity AI coming soon to these Samsung devices – report

Anthem’s Servers Will Shut Down for Good in January 2026

CVE-2025-6656 – PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure

CVE-2025-5807 – WordPress Gwolle Guestbook Stored Cross-Site Scripting Vulnerability

CVE-2025-43856 – Immich OAuth2 CSRF Account Hijacking Vulnerability

Windows 11 25H2 Update: Minor Changes Expected in October 2025

CVE-2025-49296 – Mikado-Themes GrandPrix Path Traversal PHP Local File Inclusion Vulnerability

Related Posts