CVE-2025-35940 – ArchiverSpaApi JWT Signing Key Hard-Coded Vulnerability

June 10, 2025

CVE ID : CVE-2025-35940

Published : June 10, 2025, 9:15 p.m. | 33 minutes ago

Description : The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5980 – Code-projects Restaurant Order System SQL Injection Vulnerability

Next Article CVE-2025-5978 – Tenda FH1202 Stack-Based Buffer Overflow Vulnerability

Highlights

CVE-2025-5699 – WordPress Developer Formatter Stored Cross-Site Scripting Vulnerability

June 6, 2025

CVE ID : CVE-2025-5699

Published : June 6, 2025, 7:15 a.m. | 33 minutes ago

Description : The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Building a culture that will drive platform engineering success

Gartner: More than 40% of agentic AI projects will be canceled in the next few years

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

“Using AI is no longer optional” — Did Microsoft just make Copilot mandatory for its staff as a critical performance metric?

June report 2025

June report 2025

Make your JS functions smarter and cleaner with default parameters

Best Home Interiors in Hyderabad – Top Designers & Affordable Packages

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

CVE-2025-35940 – ArchiverSpaApi JWT Signing Key Hard-Coded Vulnerability

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

CVE-2025-6554 Actively Exploited Google Chrome Zeroday

CVE-2025-3599 – Symantec Endpoint Protection ERASER Engine Elevation of Privilege Vulnerability

CVE-2025-47764 – Apache HTTP Server Unvalidated User Input

Google NotebookLM Launches Audio Overviews in 50+ Languages, Expanding Global Accessibility for AI Summarization

CISA Warns of Remote Control Flaws in SinoTrack GPS Trackers

CVE-2025-5699 – WordPress Developer Formatter Stored Cross-Site Scripting Vulnerability

New Xbox Game Pass Games (May 2025 Wave 2)

CVE-2025-46333 – Z2D Stride Compositor Out-of-Bounds Write

FOSS Weekly #25.26: Torvalds-Gates Showdown, Hyprland Premium, Fedora’s 32-bit Debacle, Xfce Themes and More Linux Stuff

CVE-2025-35940 – ArchiverSpaApi JWT Signing Key Hard-Coded Vulnerability

Related Posts