CVE-2025-48740 – StrangeBee TheHive CSRF

May 23, 2025

CVE ID : CVE-2025-48740

Published : May 23, 2025, 8:15 p.m. | 37 minutes ago

Description : A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim’s behalf, if the attacker lures a privileged user, authenticated with basic authentication.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48741 – StrangeBee TheHive Broken Access Control Vulnerability

Next Article CVE-2025-48739 – TheHive SSRF

Highlights

CVE-2025-32958 – Adept Language GitHub Token Exposure

April 21, 2025

CVE ID : CVE-2025-32958

Published : April 21, 2025, 9:15 p.m. | 1 hour, 10 minutes ago

Description : Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run’s GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in the AdeptLanguage/Adept repository. This issue has been patched in commit a1a41b7.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Don’t make this costly thermostat mistake – and the best place to put it

68% of tech vendor customer support to be handled by AI by 2028, says Cisco report

These $130 Anker earbuds have no business sounding this good for the price

Pocket is shutting down – here’s how to retrieve what little data you still can

Last Call: Early Access for NativePHP Ends This Week

Last Call: Early Access for NativePHP Ends This Week

Setup Social Auth Redirects with Laravel Herd

Community News: Latest PECL Releases (05.27.2025)

Microsoft wants to make GamePad gaming faster on Chrome for Windows 11

Microsoft wants to make GamePad gaming faster on Chrome for Windows 11

Windows 11 KB5058502 restores Win + C, direct download links for version 23H2

Leak hints at Windows 11’s new feature that optimizes performance, tied to Copilot branding (?)

CVE-2025-48740 – StrangeBee TheHive CSRF

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-48749 – Netwrix Directory Manager Data Exfiltration Vulnerability

This AI Paper Introduces Effective State-Size (ESS): A Metric to Quantify Memory Utilization in Sequence Models for Performance Optimization

Service Providers in Laravel 11: Main Things You Need To Know

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

NVIDIA Releases Cosmos-Reason1: A Suite of AI Models Advancing Physical Common Sense and Embodied Reasoning in Real-World Environments

CVE-2025-32958 – Adept Language GitHub Token Exposure

Error’d: Not Impossible

Improve governance of models with Amazon SageMaker unified Model Cards and Model Registry

Streamlining Route Parameters in Laravel Using URL Defaults

CVE-2025-48740 – StrangeBee TheHive CSRF

Related Posts