CVE-2025-49191 – Apache Atlas Cross-Site Scripting (XSS)

June 12, 2025

CVE ID : CVE-2025-49191

Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago

Description : Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49186 – Apache HTTP Server Authentication Bypass

Next Article CVE-2025-49188 – Apache HTTP Server Authentication Credentials Exposure Vulnerability

Highlights

CVE-2024-11185 – Arista EOS VLAN Isolation Bypass

May 27, 2025

CVE ID : CVE-2024-11185

Published : May 27, 2025, 11:15 p.m. | 1 hour, 44 minutes ago

Description : On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

6 registry tweaks every tech-savvy user must apply on Windows 11

Here’s why network infrastructure is vital to maximizing your company’s AI adoption

The AI video tool behind the most viral social trends right now

Got a new password manager? How to clean up the password mess you left in the cloud

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

User calls Windows 11 “pure horror,” Microsoft says it’s listening to feedback

John the Ripper is an advanced offline password cracker

CVE-2025-49191 – Apache Atlas Cross-Site Scripting (XSS)

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

Melding data, systems, and society

CVE-2025-48907 – Apache IPC Deserialization Vulnerability

CVE-2025-27532 – “ctrlX OS Web Application Backup & Restore Authentication Bypass”

Play Ransomware Group Used Windows Zero-Day

CVE-2024-11185 – Arista EOS VLAN Isolation Bypass

CVE-2025-28389 – OpenC3 COSMOS Password Bypass Vulnerability

Tribblix is an illumos-based operating system with a retro style

How to use Lottie animations

CVE-2025-49191 – Apache Atlas Cross-Site Scripting (XSS)

Related Posts