CVE-2025-40632 – Icewarp Mail Server Cross-site Scripting (XSS)

May 16, 2025

CVE ID : CVE-2025-40632

Published : May 16, 2025, 11:15 a.m. | 1 hour, 7 minutes ago

Description : Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4770 – PHPGurukul Park Ticketing Management System SQL Injection Vulnerability

Next Article CVE-2025-40631 – Icewarp Mail Server Host Header Injection Vulnerability

Highlights

CVE-2025-35007 – Microhard BulletLTE-NA2/IPn4Gii-NA2 Command Injection Vulnerability

June 8, 2025

CVE ID : CVE-2025-35007

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Hallucinated code, real threat: How slopsquatting targets AI-assisted development

CompTIA State of the Tech Workforce 2025 released, Meta joins Kotlin Foundation, Percona launches Transparent Data Encryption for PostgreSQL – Daily News Digest

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Intel’s former CEO speaks out — “I wanted to finish what I started”

NVIDIA RTX 5000 GPUs are on sale at Newegg, and discounted gift cards can be used towards your purchase — It’s free money

False alarm! Microsoft rectifies language that implied Windows may have lost millions of users since Windows 11 debut

ROG Ally drops to its lowest price ever, making it less than Switch 2 — Here’s why it could be your dream gaming handheld

1KB JavaScript Demoscene Challenge Just Launched

1KB JavaScript Demoscene Challenge Just Launched

Salesforce Marketing Cloud for Medical Devices

June report 2025

Intel’s former CEO speaks out — “I wanted to finish what I started”

Intel’s former CEO speaks out — “I wanted to finish what I started”

NVIDIA RTX 5000 GPUs are on sale at Newegg, and discounted gift cards can be used towards your purchase — It’s free money

False alarm! Microsoft rectifies language that implied Windows may have lost millions of users since Windows 11 debut

CVE-2025-40632 – Icewarp Mail Server Cross-site Scripting (XSS)

Pilz IndustrialPI 4 Alert: Critical Flaws (CVE-2025-41656 CVSS 10.0 RCE, CVE-2025-41648 Auth Bypass) Expose Industrial PCs

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

CVE-2025-4660 – “SecureConnector Windows Agent Named Pipe Remote Code Execution Vulnerability”

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

Distribution Release: deepin 23.1

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

CVE-2025-35007 – Microhard BulletLTE-NA2/IPn4Gii-NA2 Command Injection Vulnerability

Xbox Game Pass just had its strongest content quarter ever, but can we expect this level of quality forever?

EU Vulnerability Database Officially Launches Amid CVE Program Concerns

CVE-2025-32002 – I-O DATA HDL-T Series OS Command Injection

CVE-2025-40632 – Icewarp Mail Server Cross-site Scripting (XSS)

Related Posts