CVE-2025-49590 – CryptPad Link Bouncer JavaScript URI Bypass XSS

June 18, 2025

CVE ID : CVE-2025-49590

Published : June 18, 2025, 11:15 p.m. | 2 hours, 47 minutes ago

Description : CryptPad is a collaboration suite. Prior to version 2025.3.0, the “Link Bouncer” functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an “early allow” code path that happens before the URI’s protocol/scheme is checked, which a maliciously crafted URI can follow. This issue has been patched in version 2025.3.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-23121 – Apache Backup Server Remote Code Execution Vulnerability

Next Article CVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

Highlights

CVE-2025-37880 – Linux um Time-Travel Scheduling Vulnerability (Deadlock)

May 9, 2025

CVE ID : CVE-2025-37880

Published : May 9, 2025, 7:16 a.m. | 4 hours, 51 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

um: work around sched_yield not yielding in time-travel mode

sched_yield by a userspace may not actually cause scheduling in
time-travel mode as no time has passed. In the case seen it appears to
be a badly implemented userspace spinlock in ASAN. Unfortunately, with
time-travel it causes an extreme slowdown or even deadlock depending on
the kernel configuration (CONFIG_UML_MAX_USERSPACE_ITERATIONS).

Work around it by accounting time to the process whenever it executes a
sched_yield syscall.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

Sam Altman claims Meta is trying to poach OpenAI staffers with $100 million bonuses, but “none of our best people have decided to take them up on that”

Why Inclusive Design Solutions Are important for Accessibility

Why Inclusive Design Solutions Are important for Accessibility

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

CVE-2025-49590 – CryptPad Link Bouncer JavaScript URI Bypass XSS

CVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

CVE-2025-23121 – Apache Backup Server Remote Code Execution Vulnerability

CVE-2025-40656 – DM Corporative CMS SQL Injection Vulnerability

CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

CVE-2025-32819 – SonicWall SMA SSLVPN File Deletion Vulnerability

Remove Collection Items Directly with Laravel’s forget Method

CVE-2025-37880 – Linux um Time-Travel Scheduling Vulnerability (Deadlock)

OpenAI Releases a Practical Guide to Building LLM Agents for Real-World Applications

CVE-2025-4429 – “Gearside Developer Dashboard WordPress Plugin Reflected Cross-Site Scripting”

CVE-2025-4534 – SunGrow Logger1000 Remote Weak Password Requirements Vulnerability

CVE-2025-49590 – CryptPad Link Bouncer JavaScript URI Bypass XSS

Related Posts