CVE-2025-6533 – “Xxyopen Novel-Plus CATCHA Handler Authentication Bypass”

June 23, 2025

CVE ID : CVE-2025-6533

Published : June 24, 2025, 12:15 a.m. | 1 hour, 46 minutes ago

Description : A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulation leads to authentication bypass by capture-replay. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34031 – Moodle LMS Jmol Plugin Path Traversal Vulnerability

Next Article CVE-2025-6532 – NOYAFA/Xiami LF9 Pro RTSP Live Video Stream Endpoint Improper Access Control Vulnerability

Highlights

CVE-2025-5862 – Tenda AC7 PPTP Form Set Buffer Overflow Vulnerability

June 9, 2025

CVE ID : CVE-2025-5862

Published : June 9, 2025, 5:15 a.m. | 24 minutes ago

Description : A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-6533 – “Xxyopen Novel-Plus CATCHA Handler Authentication Bypass”

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data

Why Generalization in Flow Matching Models Comes from Approximation, Not Stochasticity

The best Amazon deals right now: Save on laptops, gadgets and more

How to Create Animated Videos for YouTube Using an Animation Video Maker

CVE-2025-5862 – Tenda AC7 PPTP Form Set Buffer Overflow Vulnerability

How To Fix Largest Contentful Paint Issues With Subpart Analysis

The Lenovo Legion Go 2 has leaked — here’s how it stacks up to the Xbox Ally X

The top-selling smartphone in 2025 so far might surprise you – here’s why

CVE-2025-6533 – “Xxyopen Novel-Plus CATCHA Handler Authentication Bypass”

Related Posts