CVE ID : CVE-2025-7847
Published : July 31, 2025, 5:15 a.m. | 18 hours, 9 minutes ago
Description : The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server when the REST API is enabled, which may make remote code execution possible.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53558
Published : July 31, 2025, 6:15 a.m. | 17 hours, 9 minutes ago
Description : ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices.
Severity: 8.8 | HIGH
CVE ID : CVE-2025-50475
Published : July 31, 2025, 3:15 p.m. | 8 hours, 9 minutes ago
Description : An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter in network configuration requests. This vulnerability stems from improper neutralization of special elements used in an OS command within the network configuration handler, enabling remote code execution with the highest privileges.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-50849
Published : July 31, 2025, 3:15 p.m. | 8 hours, 9 minutes ago
Description : CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users’ accounts and toggle the sticker setting by modifying the company_id or other object identifiers.
Severity: 8.0 | HIGH
CVE ID : CVE-2025-52289
Published : July 31, 2025, 3:15 p.m. | 8 hours, 9 minutes ago
Description : A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status from “pending” to “active” without requiring administrator approval.
Severity: 8.0 | HIGH
CVE ID : CVE-2025-50850
Published : July 31, 2025, 4:15 p.m. | 7 hours, 9 minutes ago
Description : An issue was discovered in CS Cart 4.18.3: the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks.
Severity: 8.6 | HIGH
CVE ID : CVE-2025-51384
Published : July 31, 2025, 6:15 p.m. | 6 hours, 11 minutes ago
Description : D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.
Severity: 3.5 | LOW
CVE ID : CVE-2025-51503
Published : July 31, 2025, 6:15 p.m. | 6 hours, 11 minutes ago
Description : A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
Severity: 7.6 | HIGH
CVE ID : CVE-2025-51385
Published : July 31, 2025, 6:15 p.m. | 6 hours, 11 minutes ago
Description : D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.
Severity: 3.5 | LOW