CVE-2025-39247 – HikCentral Professional Unauthenticated Privilege Escalation

August 29, 2025

CVE ID : CVE-2025-39247

Published : Aug. 29, 2025, 3:15 a.m. | 23 hours, 54 minutes ago

Description : There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-9605 – Tenda AC21/AC23 Stack-Based Buffer Overflow Vulnerability

Next Article UI automation: Why “try, try again”is your mantra

Highlights

CVE-2025-4586 – WordPress IRM Newsroom Plugin Stored Cross-Site Scripting

June 13, 2025

CVE ID : CVE-2025-4586

Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago

Description : The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘irmcalendarview’ shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Best React.js Development Services in 2025: Features, Benefits & What to Look For

August 2025: AI updates from the past month

UI automation: Why “try, try again”is your mantra

AI is returning to Taco Bell and McDonald’s drive-thrus – will customers bite this time?

I deciphered Apple’s iPhone 17 event invite – my 3 biggest theories for what’s expected

This Milwaukee 9-tool kit is $200 off for Labor Day – here’s what’s included

Massive TransUnion breach leaks personal data of 4.4 million customers – what to do now

Streamlining Application Automation with Laravel’s Task Scheduler

Streamlining Application Automation with Laravel’s Task Scheduler

A Fluent Path Builder for PHP and Laravel

Planning Sitecore Migration: Things to consider

From Novice to Pro: Mastering Lightweight Linux for Your Kubernetes Projects

From Novice to Pro: Mastering Lightweight Linux for Your Kubernetes Projects

Microsoft AI launches MAI-Voice-1 and previews MAI-1 foundation model

Clipchamp Tutorial: Cut and Split Videos Quickly

CVE-2025-39247 – HikCentral Professional Unauthenticated Privilege Escalation

TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies

Ransomware Attack Hits Nevada: DMV, Health Authority Among Agencies Affected

Dual Booting CachyOS and Windows

gita – manage multiple git repos

Sand Blast

The Intersection of Agile and Accessibility – Measuring Accessibility as a Team KPI

CVE-2025-4586 – WordPress IRM Newsroom Plugin Stored Cross-Site Scripting

Windows 11’s Copilot app confirms GPT-5, Microsoft 365 Copilot, Azure prepares for GPT-5

7 features in Windows 11 I wish were enabled by default

CVE-2025-48066 – Wire Webapp Local Data Deletion Failure

CVE-2025-39247 – HikCentral Professional Unauthenticated Privilege Escalation

Related Posts