CVE-2025-45612 – Xmall Authentication Bypass

May 6, 2025

CVE ID : CVE-2025-45612

Published : May 5, 2025, 8:15 p.m. | 18 hours, 44 minutes ago

Description : Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4349 – “Critical Command Injection in D-Link DIR-600L”

Next Article CVE-2025-45611 – Hope-Boot Authentication Bypass

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2025-45612 – Xmall Authentication Bypass

CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks

CVE-2025-5034 – WordPress wp-file-download Reflected Cross-Site Scripting

Supercharging vector search performance and relevance with pgvector 0.8.0 on Amazon Aurora PostgreSQL

Chrome Update Fixes High-Severity Security Flaw (CVE-2025-4096)

CVE-2025-5167 – Assimp Out-of-Bounds Read Vulnerability

CVE-2025-22859 – FortiClientEMS Relative Path Traversal File Write Vulnerability

CodeSOD: The Variable Toggle

⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More

CVE-2025-45015 – PHPGurukul Park Ticketing Management System Cross-Site Scripting (XSS)

CHIRP – GUI tool for programming ham radios

CVE-2025-45612 – Xmall Authentication Bypass

Related Posts