CVE-2025-48241 – Verge3D Cross-site Scripting (XSS)

May 23, 2025

CVE ID : CVE-2025-48241

Published : May 23, 2025, 1:15 p.m. | 1 hour, 37 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.9.3.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleResearchers from the National University of Singapore Introduce ‘Thinkless,’ an Adaptive Framework that Reduces Unnecessary Reasoning by up to 90% Using DeGRPO

Next Article CVE-2025-47678 – FunnelCockpit Cross-site Scripting

Highlights

CVE-2018-25110 – Apache Marked ReDoS Vulnerability

May 23, 2025

CVE ID : CVE-2018-25110

Published : May 23, 2025, 3:15 p.m. | 25 minutes ago

Description : Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Xbox Game Pass gets Gears of War: Reloaded, Dragon Age: The Veilguard, and more — here’s what is coming through the rest of August

Resident Evil ‘9’ Requiem has some of the most incredible lighting I’ve seen in a game — and Capcom uses it as a weapon

CVE-2025-48241 – Verge3D Cross-site Scripting (XSS)

Blue Locker ransomware hits critical infrastructure – is your organisation ready?

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

CVE-2025-53751 – Adobe Flash Unvalidated User Input

CVE-2025-4680 – upKeeper Instant Privilege Access Input Validation Bypass

More gamers can now upgrade to the latest version of Windows 11 — Microsoft finally removes update block

New SonicBoom Attack Allows Bypass of Authentication for Admin Access

CVE-2018-25110 – Apache Marked ReDoS Vulnerability

This Week in Laravel: Filament 4 Beta, AI Chat and Auth Packages

CVE-2025-47294 – Fortinet FortiOS Integer Overflow DoS

Samsung offers enticing preorder deal for new Galaxy foldable phones ahead of July Unpacked

CVE-2025-48241 – Verge3D Cross-site Scripting (XSS)

Related Posts