CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

July 23, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below –

CVE-2025-2775 (CVSS score: 9.3) – An improper restriction of XML external entity (XXE) reference vulnerability in the

Source: Read More

Previous ArticleCISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

Next Article Replit AI Agent Deletes Codebase and Lies About It — CEO Issues Apology

Highlights

CVE-2025-3746 – WordPress One Tap Signin Plugin Authentication Bypass

May 2, 2025

CVE ID : CVE-2025-3746

Published : May 2, 2025, 3:15 a.m. | 59 minutes ago

Description : The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user’s identity prior to updating their details, like email. This makes it possible for unauthenticated attackers to change arbitrary users’ email addresses, including administrators, and leverage that to reset the user’s password and gain access to their account.
Additionally, the plugin returns authentication cookies in the response, which can be used to access the account directly.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

Trump’s AI plan says a lot about open source – but here’s what it leaves out

Google’s new Search mode puts classic results back on top – how to access it

These AR swim goggles I tested have all the relevant metrics (and no subscription)

Google’s new AI tool Opal turns prompts into apps, no coding required

Laravel Scoped Route Binding for Nested Resource Management

Laravel Scoped Route Binding for Nested Resource Management

Add Reactions Functionality to Your App With Laravel Reactions

saasykit/laravel-open-graphy

Sam Altman won’t trust ChatGPT with his “medical fate” unless a doctor is involved — “Maybe I’m a dinosaur here”

Sam Altman won’t trust ChatGPT with his “medical fate” unless a doctor is involved — “Maybe I’m a dinosaur here”

“It deleted our production database without permission”: Bill Gates called it — coding is too complex to replace software engineers with AI

Top 6 new features and changes coming to Windows 11 in August 2025 — from AI agents to redesigned BSOD screens

CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

Laravel Scoped Route Binding for Nested Resource Management

Add Reactions Functionality to Your App With Laravel Reactions

This Xbox Game Pass trick gets you Ultimate for $8.45 a month using an old loophole

Google Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code

I switched to a color E Ink tablet for months, and it beats the ReMarkable in key ways

id Software is updating DOOM: The Dark Ages’ difficulty because you said itwastooeasy

CVE-2025-3746 – WordPress One Tap Signin Plugin Authentication Bypass

CVE-2025-6273 – WebAssembly wabt Reachable Assertion Vulnerability

Is Anxiety Disorder a Neurological Disorder?

You can dismiss Apple Watch notifications with a flick of your wrist now

CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

Related Posts