CVE-2025-53820 – WeGIA Reflected Cross-Site Scripting (XSS)

July 15, 2025

CVE ID : CVE-2025-53820

Published : July 14, 2025, 9:15 p.m. | 5 hours, 36 minutes ago

Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `erro` parameter. Version 3.4.5 contains a patch for the issue.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53821 – WeGIA Open Redirect Vulnerability

Next Article CVE-2025-53819 – Nix Privilege Escalation Vulnerability

Highlights

CVE-2025-38169 – Linux Kernel ARM64 FPSIMD State Clobbering Vulnerability

July 3, 2025

CVE ID : CVE-2025-38169

Published : July 3, 2025, 9:15 a.m. | 2 hours, 14 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP

On system with SME, a thread’s kernel FPSIMD state may be erroneously
clobbered during a context switch immediately after that state is
restored. Systems without SME are unaffected.

If the CPU happens to be in streaming SVE mode before a context switch
to a thread with kernel FPSIMD state, fpsimd_thread_switch() will
restore the kernel FPSIMD state using fpsimd_load_kernel_state() while
the CPU is still in streaming SVE mode. When fpsimd_thread_switch()
subsequently calls fpsimd_flush_cpu_state(), this will execute an
SMSTOP, causing an exit from streaming SVE mode. The exit from
streaming SVE mode will cause the hardware to reset a number of
FPSIMD/SVE/SME registers, clobbering the FPSIMD state.

Fix this by calling fpsimd_flush_cpu_state() before restoring the kernel
FPSIMD state.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This AI Paper from China Proposes a Novel Training-Free Approach DEER that Allows Large Reasoning Language Models to Achieve Dynamic Early Exit in Reasoning

April 26, 2025

KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection

July 10, 2025

KEditBookmarks is a bookmark organizer and editor

May 2, 2025

Twilio’s Event Triggered Journeys, OutSystem’s Agent Workbench, and more – Daily News Digest

Harness Infrastructure as Code Management expands with features that facilitate better reusability

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Windows 7 running natively on a Steam Deck is an affront to science — this tinkerer has Microsoft’s OS booting in portrait mode

“Everybody’s jobs will be affected” — but NVIDIA’s CEO believes society can think its way out of AI-related job loss

“A future has been stolen from many of us” — ZeniMax Online Studios devs will reportedly soon be hit by Microsoft’s Xbox layoffs after the MMO Phil Spencer loved was cancelled

The details of TC39’s last meeting

The details of TC39’s last meeting

How Agentic AI is Reshaping Marketing and CX Operations

We’re Moving! NodeSource Distributions Now Have a New Home – With Extended Support

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Windows 7 running natively on a Steam Deck is an affront to science — this tinkerer has Microsoft’s OS booting in portrait mode

“Everybody’s jobs will be affected” — but NVIDIA’s CEO believes society can think its way out of AI-related job loss

CVE-2025-53820 – WeGIA Reflected Cross-Site Scripting (XSS)

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

Pluto – simple reactive notebooks for Julia

Hackers access sensitive SIM card data at South Korea’s largest telecoms company

Plover is a stenography engine

Master Reactivity in React: Derivations, Effects, and State Synch

CVE-2025-38169 – Linux Kernel ARM64 FPSIMD State Clobbering Vulnerability

This AI Paper from China Proposes a Novel Training-Free Approach DEER that Allows Large Reasoning Language Models to Achieve Dynamic Early Exit in Reasoning

KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection

KEditBookmarks is a bookmark organizer and editor

CVE-2025-53820 – WeGIA Reflected Cross-Site Scripting (XSS)

Related Posts