CVE-2025-46094 – LiquidFiles Arbitrary File Upload Vulnerability

August 4, 2025

CVE ID : CVE-2025-46094

Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago

Description : LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.

Severity: 3.8 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46093 – LiquidFiles FTP SETUID Setgid Remote Command Execution

Next Article CVE-2025-27212 – Ubiquiti UniFi Access Command Injection Vulnerability

Highlights

CVE-2025-6212 – “Ultra Addons for Contact Form 7 Stored Cross-Site Scripting Vulnerability”

June 26, 2025

CVE ID : CVE-2025-6212

Published : June 26, 2025, 10:15 a.m. | 48 minutes ago

Description : The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due to insufficient input sanitization and output escaping. The unfiltered field names are stored alongside the sanitized values. Later, the admin-side AJAX endpoint ajax_get_table_data() returns those raw names as JSON column headers, and the client-side DataTables renderer injects them directly into the DOM without any HTML encoding. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

3 portable power stations I travel everywhere with (and how they differ)

I tried Lenovo’s new rollable ThinkBook and can’t go back to regular-sized screens

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

Forget Back to School Deals — Lenovo’s Clearance Sale is Where You’ll Find Amazing Discounts on Laptops, Mini PCs, and More, While Supplies Last

spatie/laravel-flare

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Generate Postman Collections from Laravel Routes

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

Forget Back to School Deals — Lenovo’s Clearance Sale is Where You’ll Find Amazing Discounts on Laptops, Mini PCs, and More, While Supplies Last

The Gaming Desktop I’ve Relied on More Than Any Other Is More Powerful and Sleeker Than Ever — But Damn, It’s Expensive

CVE-2025-46094 – LiquidFiles Arbitrary File Upload Vulnerability

Android adware: What is it, and how do I get it off my device?

Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?

CVE-2025-5359 – Campcodes Online Hospital Management System SQL Injection Vulnerability

CVE-2025-53482 – Wikimedia Foundation Mediawiki – IPInfo Extension Cross-Site Scripting (XSS) Vulnerability

Highlighted at CVPR 2025: Google DeepMind’s ‘Motion Prompting’ Paper Unlocks Granular Video Control

CVE-2025-23183 – Apache HTTP Server Open Redirect Vulnerability

CVE-2025-6212 – “Ultra Addons for Contact Form 7 Stored Cross-Site Scripting Vulnerability”

Solaar is a Linux manager for Logitech keyboards, mice and trackpads

CVE-2025-5229 – Campcodes Online Hospital Management System SQL Injection Vulnerability

An Holistic Framework for Shared Design Leadership

CVE-2025-46094 – LiquidFiles Arbitrary File Upload Vulnerability

Related Posts