CVE-2025-8529 – CloudFavorites Favorites-Web SSRF Vulnerability

August 4, 2025

CVE ID : CVE-2025-8529

Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago

Description : A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-8530 – Elunez Eladmin Druid Default Credentials Vulnerability

Next Article CVE-2025-46093 – LiquidFiles FTP SETUID Setgid Remote Command Execution

Highlights

CVE-2025-3530 – WordPress Simple Shopping Cart Price Tampering Vulnerability

April 23, 2025

CVE ID : CVE-2025-3530

Published : April 23, 2025, 8:15 a.m. | 1 hour, 45 minutes ago

Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter ‘product_tmp_two’ for computing a security hash against price tampering while using ‘wspsc_product’ to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

Student Performance Prediction System using Python Machine Learning (ML)

Student Performance Prediction System using Python Machine Learning (ML)

The attack on the npm ecosystem continues

Feature Highlight

Hyprland Made Easy: Preconfigured Beautiful Distros

Hyprland Made Easy: Preconfigured Beautiful Distros

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

CVE-2025-8529 – CloudFavorites Favorites-Web SSRF Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Diagnosing and Fixing a Page Fault Performance Issue with Arm64 Atomics

CVE-2025-38155 – “Qualcomm Atheros mt76 Wireless Null Pointer Dereference Vulnerability”

CVE-2025-20186 – “Cisco Wireless LAN Controller Lobby Ambassador Command Injection Vulnerability”

New AI Framework Evaluates Where AI Should Automate vs. Augment Jobs, Says Stanford Study

CVE-2025-3530 – WordPress Simple Shopping Cart Price Tampering Vulnerability

elementary OS 8 Updates Deliver New Dock Features

Google DeepMind Introduces Aeneas: AI-Powered Contextualization and Restoration of Ancient Latin Inscriptions

CVE-2025-5928 – WordPress WP Sliding Login/Dashboard Panel CSRF Vulnerability

CVE-2025-8529 – CloudFavorites Favorites-Web SSRF Vulnerability

Related Posts