CVE-2025-55618 – Hyundai Navigation App Cross-Site Scripting Vulnerability

August 27, 2025

CVE ID : CVE-2025-55618

Published : Aug. 27, 2025, 8:15 p.m. | 5 hours, 29 minutes ago

Description : In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-55582 – D-Link DCS-825L Persistent Privilege Escalation and Arbitrary Code Execution

Next Article CVE-2025-3601 – GitLab Denial of Service (DoS) in URL Processing

Highlights

CVE-2025-43851 – Adobe Retrieval-based-Voice-Conversion-WebUI Remote Code Execution Vulnerability

May 5, 2025

CVE ID : CVE-2025-43851

Published : May 5, 2025, 7:15 p.m. | 18 minutes ago

Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function in vr.py. In uvr , a new instance of AudioPre class is created with the model_path attribute containing the aformentioned user input. In the AudioPre class, the user input, is used to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Google integrates Gemini CLI into Zed code editor

10 Benefits of Integrating React.js Vibe Coding into Your Agile DevOps Pipeline

Designing For TV: The Evergreen Pattern That Shapes TV Experiences

Amplitude launches new self-service capabilities for marketing initiatives

This Vizio soundbar has impressive surround sound, and it’s on sale

DJI’s ultralight wireless Mic 3 captures great audio – even in tricky situations

OpenAI gives its voice agent superpowers to developers – look for more apps soon

T-Mobile will give you 4 free iPhone 16 phones right now – here’s how to get yours

Optimizing Laravel Livewire Performance with Computed Properties

Optimizing Laravel Livewire Performance with Computed Properties

Smart Cache Package for Laravel

This Week in Laravel: Filament 4 Videos and Pest 4 Browser Testing

Containers in 2025: Docker vs. Podman for Modern Developers

Containers in 2025: Docker vs. Podman for Modern Developers

FOSS Weekly #25.35: New Gerhwin DE, grep Command, Nitro init system, KDE Customization and More Linux Stuff

19 Beautiful Themes to Get a Better Visual Experience With VS Code

CVE-2025-55618 – Hyundai Navigation App Cross-Site Scripting Vulnerability

Don’t let “back to school” become “back to (cyber)bullying”

U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits

openSUSE Tumbleweed: L’introduzione di Myrlyn nella gestione del software

Windows 11 Build 22631.5696 rolls out to Beta channel with important fixes

CVE-2025-7124 – “Code-projects Online Note Sharing Unrestricted File Upload Vulnerability”

How to Code Linked Lists with TypeScript: A Handbook for Developers

CVE-2025-43851 – Adobe Retrieval-based-Voice-Conversion-WebUI Remote Code Execution Vulnerability

ZEISS Demonstrates the Power of Scalable Workflows with Ampere Altra and SpinKube

CVE-2025-47093 – Adobe Experience Manager Stored Cross-Site Scripting Vulnerability

CVE-2022-45125 – Apache HTTP Server Authentication Bypass

CVE-2025-55618 – Hyundai Navigation App Cross-Site Scripting Vulnerability

Related Posts