CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

May 8, 2025

CVE ID : CVE-2025-40846

Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform cross site scripting attack.

The vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3759 – Netgear IGD Unauthenticated Configuration Change Vulnerability

Next Article CVE-2025-1253 – RTI Connext Professional Classic Buffer Overflow

Highlights

CVE-2025-5444 – “Linksys Wireless Router RP_UpgradeFWByBBS OS Command Injection Vulnerability”

June 2, 2025

CVE ID : CVE-2025-5444

Published : June 2, 2025, 12:15 p.m. | 2 hours, 56 minutes ago

Description : A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Best early Prime Day Nintendo Switch deals: My 17 favorite sales live now

How I use VirtualBox to run any OS on my Mac – including Linux

Apple will give you a free pair of AirPods when you buy a MacBook or iPad for school – here’s who’s eligible

How Apple’s biggest potential acquisition ever could perplex AI rivals like Google

Music Streaming Platform using PHP and MySQL

Music Streaming Platform using PHP and MySQL

Solutions That Benefit Everyone – Why Inclusive Design Matters for All

Reducing Barriers Across Industries Through Inclusive Design

Windows 11 Installation Assistant Download: 2025 Guide

Windows 11 Installation Assistant Download: 2025 Guide

Didn’t Receive Gears of War: Reloaded Code? Explainer

Fix Vibrant Visuals Greyed Out in Minecraft Bedrock

CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

Distribution Release: IPFire 2.29 Core 195

5 things to do with the Linux terminal on your Android phone – including my favorite

Third Parties and Machine Credentials: The Silent Drivers Behind 2025’s Worst Breaches

A Step-by-Step Guide to Implement Intelligent Request Routing with Claude

CVE-2025-5444 – “Linksys Wireless Router RP_UpgradeFWByBBS OS Command Injection Vulnerability”

IceBox converts images into a PDF file

CVE-2025-5498 – Slackero PHPwcms Remote Deserialization Vulnerability

Dynamic text-to-SQL for enterprise workloads with Amazon Bedrock Agents

CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

Related Posts