CVE-2025-46528 – Steve Availability Calendar CSRF Stored XSS

April 24, 2025

CVE ID : CVE-2025-46528

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar allows Stored XSS. This issue affects Availability Calendar: from n/a through 0.2.4.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46530 – HuangYe WuDeng Hacklog Remote Attachment CSRF Stored XSS

Next Article CVE-2025-46534 – DanielRiera Image Style Hover DOM-Based Cross-site Scripting Vulnerability

Highlights

CVE-2025-48999 – DataEase SQL Injection Vulnerability

June 3, 2025

CVE ID : CVE-2025-48999

Published : June 3, 2025, 9:15 p.m. | 30 minutes ago

Description : DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566’s patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Credit Card Sins

Azul significantly cuts down on false positives in Java vulnerability detection with latest update to Azul Intelligence Cloud

The state of strategic portfolio management

Xbox Games Showcase reveals Indiana Jones and the Great Circle to get new DLC this fall

Tony Hawk’s Pro Skater 3 + 4 demo now is available now if you preorder — Michelangelo is coming too

“The full Call of Duty package”: Black Ops 7 has been confirmed during the Xbox Games Showcase, and no, it is not an expansion

Final Fantasy VII Remake and Final Fantasy XVI are FINALLY launching for Xbox consoles — One of which is available right now!

Neobrutalism CSS Button Generator

Neobrutalism CSS Button Generator

How to Become a Node.js Backend Developer

Professor Rita McGrath on Leading in Times of Uncertainty

Microsoft mocks macOS 26 Liquid Design with Windows Aero throwback (Windows Vista)

Microsoft mocks macOS 26 Liquid Design with Windows Aero throwback (Windows Vista)

Hindsite is a fast, lightweight static website generator

Orange Pi 5 Ultra and Max Single Board Computers Running Linux: Introduction

CVE-2025-46528 – Steve Availability Calendar CSRF Stored XSS

SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords

Windows Remote Desktop Services Vulnerability Allows Remote Code Execution

CVE-2025-48416 – OpenSSH Root Login Hard-Coded Credential Disclosure

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

Images altered to trick machine vision can influence humans too

ByteDance Introduces Seed1.5-VL: A Vision-Language Foundation Model Designed to Advance General-Purpose Multimodal Understanding and Reasoning

CVE-2025-48999 – DataEase SQL Injection Vulnerability

CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware

13 Useful Free and Open Source Linux Column-Oriented Databases

Microsoft will add the Calendar Flyout Clock to Windows 11’s Notification Center

CVE-2025-46528 – Steve Availability Calendar CSRF Stored XSS

Related Posts