CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

July 22, 2025

CVE ID : CVE-2025-44658

Published : July 21, 2025, 4:15 p.m. | 1 day, 8 hours ago

Description : In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7393 – Drupal Mail Login Authentication Bypass

Next Article GPT-5 is Coming: Revolutionizing Software Testing

Highlights

CVE-2025-5524 – OceanWP WordPress Stored Cross-Site Scripting Vulnerability

June 19, 2025

CVE ID : CVE-2025-5524

Published : June 19, 2025, 5:15 a.m. | 17 minutes ago

Description : The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

Every Google Pixel Watch owner should know these 2 simple performance tricks

MidnightBSD is a BSD-derived operating system

Build real-time travel recommendations using AI agents on Amazon Bedrock

CVE-2025-46350 – YesWiki Reflected Cross-Site Scripting Vulnerability

CVE-2025-5524 – OceanWP WordPress Stored Cross-Site Scripting Vulnerability

Your SaaS Data Isn’t Safe: Why Traditional DLP Solutions Fail in the Browser Era

How to Install Winget in Windows 11

Xbox has turned a corner — the future for Microsoft’s gaming platform once again looks incredibly bright

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

Related Posts