CVE-2020-26799 – A reflected cross-site scripting (XSS) vulnerabili

July 21, 2025

CVE ID : CVE-2020-26799

Published : July 21, 2025, 7:15 p.m. | 4 hours, 59 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal other users’ data.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7319 – IrfanView CADImage Plugin DWG File Parsing Out-Of-

Next Article CVE-2025-36846 – An issue was discovered in Eveo URVE Web Manager 2

Highlights

CVE-2025-48795 – Apache CXF Unencrypted Temporary File Log Exposure Denial of Service

July 15, 2025

CVE ID : CVE-2025-48795

Published : July 15, 2025, 3:15 p.m. | 1 hour, 19 minutes ago

Description : Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.

Users are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

EcoFlow’s new portable battery stations are lighter and more powerful (DC plug included)

7 ways Linux can save you money

My favorite Kindle tablet just got a kids model, and it makes so much sense

You can turn your Google Photos into video clips now – here’s how

Blade Service Injection: Direct Service Access in Laravel Templates

Blade Service Injection: Direct Service Access in Laravel Templates

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Retrieve the Currently Executing Closure in PHP 8.5

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

How to Open Control Panel in Windows 11

How to Shut Down Windows 11

CVE-2020-26799 – A reflected cross-site scripting (XSS) vulnerabili

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Top 5 desktop PC case features that I can’t live without — and neither should you

PoC Exploit Released for Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

My favorite Garmin feature comes to its new Forerunner watch

CVE-2025-5783 – PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE-2025-48795 – Apache CXF Unencrypted Temporary File Log Exposure Denial of Service

Multi-tenancy in RAG applications in a single Amazon Bedrock knowledge base with metadata filtering

CISA Warns of Remote Control Flaws in SinoTrack GPS Trackers

CVE-2025-5693 – PHPGurukul Human Metapneumovirus Testing Management System SQL Injection

CVE-2020-26799 – A reflected cross-site scripting (XSS) vulnerabili

Related Posts