CVE-2025-50286 – Grav CMS Remote Code Execution

August 6, 2025

CVE ID : CVE-2025-50286

Published : Aug. 6, 2025, 3:15 p.m. | 8 hours, 29 minutes ago

Description : A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53786 – Microsoft Exchange Server Hybrid Deployment Authentication Bypass Vulnerability

Next Article CVE-2025-3320 – IBM Tivoli Monitoring Heap-Based Buffer Overflow Vulnerability

Highlights

CVE-2025-48054 – Radashi Prototype Pollution Vulnerability

May 27, 2025

CVE ID : CVE-2025-48054

Published : May 27, 2025, 5:15 a.m. | 15 minutes ago

Description : Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to prototype pollution. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpected behavior, denial of service, or even remote code execution in some specific scenarios. This issue has been patched in version 12.5.1. A workaround for this issue involves sanitizing the path argument provided to the set function to ensure that no part of the path string is __proto__, prototype, or constructor.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-4107 – Microsoft Windows SMB Remote Code Execution Vulnerability

May 8, 2025

DeepSeek-AI Released DeepSeek-Prover-V2: An Open-Source Large Language Model Designed for Formal Theorem, Proving through Subgoal Decomposition and Reinforcement Learning

May 1, 2025

Siri 2.0 Delayed? Next-Gen AI Assistant Not Expected Until iOS 26.4 in Spring 2026

June 14, 2025

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-50286 – Grav CMS Remote Code Execution

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Trend Micro meldt kritiek RCE-lek in beveiligingsplatform Apex Central

FOSS Weekly #25.28: Xfce Customization, CoMaps, Disk Space Clean-up, Deprecated Commands and More

Don’t Tap The Glass Tyler The Creator Shirt

CVE-2025-4175 – AlanBinu007 Spring-Boot-Advanced-Projects Path Traversal Vulnerability

CVE-2025-48054 – Radashi Prototype Pollution Vulnerability

CVE-2025-4107 – Microsoft Windows SMB Remote Code Execution Vulnerability

DeepSeek-AI Released DeepSeek-Prover-V2: An Open-Source Large Language Model Designed for Formal Theorem, Proving through Subgoal Decomposition and Reinforcement Learning

Siri 2.0 Delayed? Next-Gen AI Assistant Not Expected Until iOS 26.4 in Spring 2026

CVE-2025-50286 – Grav CMS Remote Code Execution

Related Posts