CVE-2025-6736 – Juzaweb CMS Remote Authorization Bypass Vulnerability

June 26, 2025

CVE ID : CVE-2025-6736

Published : June 27, 2025, 12:15 a.m. | 1 hour, 18 minutes ago

Description : A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6738 – Huija Bicycle Sharing Server SQL Injection Vulnerability

Next Article CVE-2025-6735 – Juzaweb CMS Remote Improper Authorization Vulnerability

Highlights

CVE-2025-49596 – MCP Inspector Remote Code Execution Vulnerability

June 13, 2025

CVE ID : CVE-2025-49596

Published : June 13, 2025, 8:15 p.m. | 43 minutes ago

Description : The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-6736 – Juzaweb CMS Remote Authorization Bypass Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2025-47908 – Apache Middleware Denial of Service Vulnerability

Critical ANPR Camera Flaw (CVE-2025-34022, CVSS 9.3) Exposes Selea TARGA Devices, PoC Available, No Vendor Response

CVE-2025-45322 – Kashipara Online Service Management Portal SQL Injection Vulnerability

April 2025 Wallpapers Edition

CVE-2025-49596 – MCP Inspector Remote Code Execution Vulnerability

CVE-2024-42699 – OpenCMS Cross-Site Scripting (XSS)

CISA Releases ICS Advisories Covering Vulnerabilities & Exploits

Kong AI Gateway updated with features to reduce LLM hallucination and protect sensitive personal data

CVE-2025-6736 – Juzaweb CMS Remote Authorization Bypass Vulnerability

Related Posts