CVE-2025-5353 – Ivanti Workspace Control SQL Credential Decryption Vulnerability

June 10, 2025

CVE ID : CVE-2025-5353

Published : June 10, 2025, 3:15 p.m. | 2 hours, 25 minutes ago

Description : A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46612 – Airleader Master and Easy JSP File Upload Remote Command Execution

Next Article CVE-2025-5335 – Autodesk Installer Privilege Escalation Vulnerability

Highlights

CVE-2025-5285 – WooCommerce Stored Cross-Site Scripting Vulnerability

May 31, 2025

CVE ID : CVE-2025-5285

Published : May 31, 2025, 7:15 a.m. | 2 hours, 27 minutes ago

Description : The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

6 registry tweaks every tech-savvy user must apply on Windows 11

Here’s why network infrastructure is vital to maximizing your company’s AI adoption

The AI video tool behind the most viral social trends right now

Got a new password manager? How to clean up the password mess you left in the cloud

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

User calls Windows 11 “pure horror,” Microsoft says it’s listening to feedback

John the Ripper is an advanced offline password cracker

CVE-2025-5353 – Ivanti Workspace Control SQL Credential Decryption Vulnerability

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

BlueBubbles is a cross-platform app ecosystem

CVE-2025-3903 – Drupal UEditor – 百度编辑器 File Inclusion Vulnerability

FloQast builds an AI-powered accounting transformation solution with Anthropic’s Claude 3 on Amazon Bedrock

4Chan: destructive hoaxes and the Internet of Not Things

CVE-2025-5285 – WooCommerce Stored Cross-Site Scripting Vulnerability

CVE-2025-48063 – XWiki Remote Code Execution via Required Rights Bypass

CVE-2025-49580 – XWiki Cross-Site Scripting (XSS) Vulnerability

Scalable Reinforcement Learning with Verifiable Rewards: Generative Reward Modeling for Unstructured, Multi-Domain Tasks

CVE-2025-5353 – Ivanti Workspace Control SQL Credential Decryption Vulnerability

Related Posts