CVE-2025-57805 – Scratch Channel Unauthenticated Article Publishing Vulnerability

August 25, 2025

CVE ID : CVE-2025-57805

Published : Aug. 25, 2025, 10:15 p.m. | 2 hours, 55 minutes ago

Description : The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who’s logged in. This issue has been patched in version 1.2.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-57809 – XGrammar Infinite Recursion Vulnerability

Next Article CVE-2025-8627 – TP-Link KP303 Unauthenticated Remote Command Injection

Highlights

CVE-2025-46559 – Misskey AiScript Cross-Site Request Forgery (CSRF)

May 5, 2025

CVE ID : CVE-2025-46559

Published : May 5, 2025, 7:15 p.m. | 18 minutes ago

Description : Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additional endpoints that it isn’t designed to have access to. The missing validation allows malicious AiScript code to prefix a URL with `../` to step out of the `/api` directory, thereby being able to make requests to other endpoints, such as `/files`, `/url`, and `/proxy`. Version 2025.4.1 fixes the issue.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Optimizing PWAs For Different Display Modes

Node.js Web App Development Costs: A 2025 Executive Pricing Guide

Google locking down Android security with upcoming developer verification requirements for sideloaded apps

Microsoft donates DocumentDB to the Linux Foundation

Google can translate your voice in real time now – try it free

The one-click Linux app I use for instant online anonymity

You can try Android 16’s new lock screen widgets – if you have one of these phones

Apple’s iPhone 17 event launch date is official – here’s everything we expect

Password Strength Estimator Validation in Laravel

Password Strength Estimator Validation in Laravel

Laravel’s Enhanced String Validation with Inverse Methods

Using SQLite in production with Laravel

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Why Final Fantasy XIV fans are review‑bombing the game on Steam

Google Chrome VPN under fire for secretly screenshotting users’ browsing habits

CVE-2025-57805 – Scratch Channel Unauthenticated Article Publishing Vulnerability

Yemen Cyber Army hacker jailed after stealing millions of people’s data

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

People who fail to utilise my talents, I feel pity: Legend Srinidhi opens up!

How To Turn Your Figma Designs Into Live Apps With Anima Playground

CVE-2025-6937 – Code-projects Simple Pizza Ordering System SQL Injection Vulnerability

CVE-2025-8738 – “zlt2000 Microservices-Platform Spring Actuator Interface Information Disclosure Vulnerability”

CVE-2025-46559 – Misskey AiScript Cross-Site Request Forgery (CSRF)

Is Effortless UX a Myth? The Engaging Power of Friction

CVE-2025-22246 – Cloud Foundry UAA Authentication Bypass

CVE-2025-57773 – DataEase JNDI Injection Vulnerability

CVE-2025-57805 – Scratch Channel Unauthenticated Article Publishing Vulnerability

Related Posts