CVE-2025-4383 – Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot Authentication Abuse Bypass

June 24, 2025

CVE ID : CVE-2025-4383

Published : June 24, 2025, 4:15 p.m. | 2 hours, 38 minutes ago

Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse, Authentication Bypass.This issue affects Wi-Fi Cloud Hotspot: before 30.05.2025.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-50693 – PHPGurukul Online DJ Booking Management System IDOR Vulnerability

Next Article CVE-2025-44531 – Realtek RTL8762EKF-EVB Bluetooth Denial of Service

Highlights

CVE-2025-49584 – XWiki Information Disclosure Vulnerability

June 13, 2025

CVE ID : CVE-2025-49584

Published : June 13, 2025, 6:15 p.m. | 2 hours, 43 minutes ago

Description : XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose reference is known can be accessed through the REST API as long as an XClass with a page property is accessible, this is the default for an XWiki installation. This allows an attacker to get titles of pages whose reference is known, one title per request. This doesn’t affect fully private wikis as the REST endpoint checks access rights on the XClass definition. The impact on confidentiality depends on the strategy for page names. By default, page names match the title, so the impact should be low but if page names are intentionally obfuscated because the titles are sensitive, the impact could be high. This has been fixed in XWiki 16.4.7, 16.10.3 and 17.0.0 by adding access control checks before getting the title of any page.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-39410 – Themegusta Smart Sections Theme Builder – WPBakery Page Builder Addon Deserialization of Untrusted Data Vulnerability

May 19, 2025

Verizon will give you an iPhone 16 Plus (or 4) with no trade-in – here’s how

June 24, 2025

AI updates from the past week: OpenAI Codex, AWS Transform for .NET, and more — May 16, 2025

May 17, 2025

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-4383 – Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot Authentication Abuse Bypass

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Google Play Console gets a makeover to provide app developers with easier access to insights into performance and quality

CVE-2025-43850 – Apache Retrieval-Based Voice Conversion WebUI Remote Code Execution

Embed an AI operator into your SaaS with just one line of code.

CVE-2025-37110 – HPE Telco Network Function Virtual Orchestrator Information Disclosure

CVE-2025-49584 – XWiki Information Disclosure Vulnerability

CVE-2025-39410 – Themegusta Smart Sections Theme Builder – WPBakery Page Builder Addon Deserialization of Untrusted Data Vulnerability

Verizon will give you an iPhone 16 Plus (or 4) with no trade-in – here’s how

AI updates from the past week: OpenAI Codex, AWS Transform for .NET, and more — May 16, 2025

CVE-2025-4383 – Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot Authentication Abuse Bypass

Related Posts