CVE-2025-7216 – “Lty628 Aidigu PHP Object Handler Deserialization Vulnerability”

July 9, 2025

CVE ID : CVE-2025-7216

Published : July 9, 2025, 5:15 a.m. | 1 hour, 22 minutes ago

Description : A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7217 – Campcodes Payroll Management System SQL Injection Vulnerability

Next Article CVE-2025-7215 – FNKvision FNK-GU2 Cleartext Storage of Sensitive Information Vulnerability

Highlights

CVE-2025-49583 – XWiki Cross-Site Notification Vulnerability

June 13, 2025

CVE ID : CVE-2025-49583

Published : June 13, 2025, 5:15 p.m. | 51 minutes ago

Description : XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as while these templates allow Velocity code, the existing generic analyzer already warns admins before editing Velocity code. The main impact would thus be to send spam, e.g., with phishing links to other users or to hide notifications about other attacks. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful. This has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-3999 – Seeyon Zhiyuan OA Web Application System Cross-Site Scripting Vulnerability

April 28, 2025

Meet CoAct-1: A Novel Multi-Agent System that Synergistically Combines GUI-based Control with Direct Programmatic Execution

August 7, 2025

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization

June 3, 2025

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

Google Pixel 10 Pro vs. iPhone 16 Pro: I’ve used both handsets, and there’s a clear winner

Master these 48 Windows keyboard shortcuts and finish work early

Why the Pixel 10 is making this longtime iPhone user reconsider their next phone

Google Pixel 10 Pro Fold vs. Samsung Galaxy Z Fold 7: I compared both Androids, and here’s the winner

PERFIXION 2025: Powering AI Ideas

PERFIXION 2025: Powering AI Ideas

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Gears of War returns, Helldivers 2 jumps ship, and Xbox players win big — Xbox’s Aug 25–31 lineup proves the console war is getting interesting again

Gears of War returns, Helldivers 2 jumps ship, and Xbox players win big — Xbox’s Aug 25–31 lineup proves the console war is getting interesting again

Reports say Windows 11 update is bricking drives — is yours on the list?

Razer finally remembered I don’t live in China, so now we can all get this cool Gengar gaming headset

CVE-2025-7216 – “Lty628 Aidigu PHP Object Handler Deserialization Vulnerability”

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

CVE-2025-8208 – Spexo Addons for Elementor WordPress Stored Cross-Site Scripting

Microsoft to Move Copilot Previews to iOS While Editing Returns to Office Apps

CVE-2025-52440 – Cisco Webex Meeting Server Authentication Bypass

CVE-2025-3603 – Flynax Bridge for WordPress Privilege Escalation Vulnerability

Building APIs with GraphQL and Flask: A Complete Developer Guide

CVE-2025-49583 – XWiki Cross-Site Notification Vulnerability

CVE-2025-3999 – Seeyon Zhiyuan OA Web Application System Cross-Site Scripting Vulnerability

Meet CoAct-1: A Novel Multi-Agent System that Synergistically Combines GUI-based Control with Direct Programmatic Execution

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization

CVE-2025-7216 – “Lty628 Aidigu PHP Object Handler Deserialization Vulnerability”

Related Posts