Development

CVE ID : CVE-2025-53487

Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago

Description : The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message keys to be rendered unescaped.

This issue affects Mediawiki – ApprovedRevs extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53375

Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago

Description : Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated attacker can read any file that the Traefik process user can access (e.g., /etc/passwd, application source, environment variable files containing credentials and secrets). This may lead to full compromise of other services or lateral movement. This vulnerability is fixed in 0.23.7.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53376

Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago

Description : Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure
docker.getContainersByAppNameMatch interpolates the attacker-supplied appName value into a Docker CLI call without sanitisation, enabling command injection under the Dokploy service account. This vulnerability is fixed in 0.23.7.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53374

Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago

Description : Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7057

Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – Quiz Extension allows Stored XSS.This issue affects Mediawiki – Quiz Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7134

Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago

Description : A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_application. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7135

Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago

Description : A vulnerability, which was classified as critical, has been found in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_vacancy. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7259

Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago

Description : An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-36014

Published : July 7, 2025, 5:15 p.m. | 59 minutes ago

Description : IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53529

Published : July 7, 2025, 5:15 p.m. | 59 minutes ago

Description : WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL query, allowing an unauthenticated attacker to inject arbitrary SQL commands. The vulnerability is fixed in 3.4.3.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Comodo Internet Security 2025 Vulnerabilities Execute Remote Code With SYSTEM Privilege

Multiple critical vulnerabilities in Comodo Internet Security Premium 2025 allow attackers to execute remote code with SYSTEM privileges, completely compromising victim systems through malicious updat …
Read more

Published Date:
Jul 07, 2025 (4 hours, 33 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-7095

VAPT Report on HTTPAPI Services in Windows 10 Healthcare Endpoint

This report documents a targeted VAPT simulation that exploited Microsoft HTTPAPI via port 5357 to assess system misconfigurations and apply mitigation through service hardening and firewall enforceme …
Read more

Published Date:
Jul 07, 2025 (4 hours, 23 minutes ago)

Vulnerabilities has been mentioned in this article.

As developers, we’re always looking for more efficient tools. The MERN stack (MongoDB, Express.js, React, and Node.js) stands out for…

If you’ve ever built a form in React and felt like the input fields had a mind of their own,…

Data and politics are becoming increasingly intertwined. Today’s political campaigns and voter mobilization efforts are now entirely data-driven. Voters, pollsters,…

The MIT Health and Life Sciences Collaborative (MIT HEALS) is launching the Biswas Postdoctoral Fellowship Program to advance the work…

Comments Source: Read More 

Imagine you’re building a React app where users can log in, get notifications, and change theme preferences. With traditional tools…

Abstract In recent years, language models and AI have reshaped how we interact with data. Yet, a significant portion of…

Meet Erin Zapata, a Practice Director based in Chicago, Illinois, whose empowering leadership and commitment to professional development have made…