CVE-2025-48752 – Apache Process-Sync Pthread Mutex Unlock Vulnerability

May 24, 2025

CVE ID : CVE-2025-48752

Published : May 24, 2025, 3:15 a.m. | 1 hour, 38 minutes ago

Description : In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3869 – WordPress 4stats Plugin CSRF Vulnerability

Next Article CVE-2024-13427 – WordPress Pagelayer Stored Cross-Site Scripting

Highlights

CVE-2025-7504 – WordPress Friends Plugin PHP Object Injection Vulnerability

July 12, 2025

CVE ID : CVE-2025-7504

Published : July 12, 2025, 9:15 a.m. | 9 hours, 26 minutes ago

Description : The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the query_vars parameter This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This requires access to the sites SALT_NONCE and and SALT_KEY to exploit.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Xbox Game Pass gets Gears of War: Reloaded, Dragon Age: The Veilguard, and more — here’s what is coming through the rest of August

Resident Evil ‘9’ Requiem has some of the most incredible lighting I’ve seen in a game — and Capcom uses it as a weapon

CVE-2025-48752 – Apache Process-Sync Pthread Mutex Unlock Vulnerability

Blue Locker ransomware hits critical infrastructure – is your organisation ready?

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

Token Limit – Monitor token usage in AI context files

CVE-2025-4382 – GRUB TPM Auto- decryption Data Exposure

CVE-2025-48786 – Apache HTTP Server Cross-Site Request Forgery

CVE-2025-37824 – Linux Kernel Tipc NULL Pointer Dereference Vulnerability

CVE-2025-7504 – WordPress Friends Plugin PHP Object Injection Vulnerability

CVE-2025-7323 – IrfanView CADImage Plugin DWG File Parsing Memory

CVE-2023-35815 – DevExpress XML Deserialization Data-Sourcing Protection Bypass

CVE-2025-48300 – Groundhogg Web Shell Upload Vulnerability

CVE-2025-48752 – Apache Process-Sync Pthread Mutex Unlock Vulnerability

Related Posts