CVE-2025-8756 – TDuckCloud Authorization Interceptor PreHandle Remote Improper Authorization Vulnerability

August 9, 2025

CVE ID : CVE-2025-8756

Published : Aug. 9, 2025, 3:15 p.m. | 8 hours, 25 minutes ago

Description : A vulnerability has been found in TDuckCloud tduck-platform up to 5.1 and classified as critical. Affected by this vulnerability is the function preHandle of the file /manage/ of the component com.tduck.cloud.api.web.interceptor.AuthorizationInterceptor. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-8757 – TRENDnet Embedded Boa Web Server Least Privilege Violation

Next Article CVE-2024-58238 – “Bluetooth btnxpuart UART Break Timing Vulnerability”

Highlights

CVE-2025-4072 – PHPGurukul Online Nurse Hiring System SQL Injection Vulnerability

April 29, 2025

CVE ID : CVE-2025-4072

Published : April 29, 2025, 5:15 p.m. | 1 hour, 52 minutes ago

Description : A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-8756 – TDuckCloud Authorization Interceptor PreHandle Remote Improper Authorization Vulnerability

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

dclock is a digital clock

CVE-2025-53943 – VoidBot Open-Source Discord Bot Command Injection Vulnerability

CVE-2025-7619 – WellChoose BatchSignCS Arbitrary File Write Vulnerability

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

CVE-2025-4072 – PHPGurukul Online Nurse Hiring System SQL Injection Vulnerability

CSS-Tricks Chronicles XLIII

CVE-2025-48445 – Drupal Commerce Eurobank Redirect Authorization Bypass

CVE-2025-49886 – WebGeniusLab Zikzag Core PHP RFI Vulnerability

CVE-2025-8756 – TDuckCloud Authorization Interceptor PreHandle Remote Improper Authorization Vulnerability

Related Posts