CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

May 26, 2025

CVE ID : CVE-2025-5164

Published : May 26, 2025, 3:15 a.m. | 1 hour, 55 minutes ago

Description : A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key
. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5165 – Assimp Out-of-Bounds Read Vulnerability

Next Article CVE-2025-5163 – “Yangshare WarehouseManager Remote Unauthenticated Access Control Bypass”

Highlights

CVE-2025-4301 – iSourcecode Content Management System SQL Injection Vulnerability

May 5, 2025

CVE ID : CVE-2025-4301

Published : May 6, 2025, 1:15 a.m. | 2 hours, 18 minutes ago

Description : A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Samsung launches One UI 8 beta – what’s new and how to join

The top-selling smartphone in 2025 so far might surprise you – here’s why

How to screen record on your iPhone – it’s easy

This 4K laser projector delivers glorious visuals that rival traditional TVs – here’s my buying advice

Introducing N|Sentinel: Your AI-Powered Agent for Node.js Performance Optimization

Introducing N|Sentinel: Your AI-Powered Agent for Node.js Performance Optimization

FoalTS framework – version 5 is released

Mastering Modern Monorepo Development with pnpm, Workspaces

Windows 11 KB5058499 24H2 adds features, direct download links (.msu)

Windows 11 KB5058499 24H2 adds features, direct download links (.msu)

Windows 10 KB5058481 sends users to Bing from new Calendar UI’s rich content

4 Best Free and Open Source GUI Bookmark Managers

CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

CVE-2020-36846 – Brotli Embedded Library Buffer Overflow Vulnerability

CVE-2025-31199 – “Apple iOS/iPadOS/visualOS/macOS Sequoia Sensitive Data Disclosure”

15 Best Free and Open Source Test Automation Tools

Optimizing Training Data Allocation Between Supervised and Preference Finetuning in Large Language Models

CodeSOD: Join Us in this Query

CVE-2025-3802 – Tenda W12 and i24 HTTPd cgiPingSet Stack-Based Buffer Overflow

CVE-2025-4301 – iSourcecode Content Management System SQL Injection Vulnerability

Wello Solutions

CVE-2025-40621 – TCMAN GIM SQL Injection

Traditional EDR won’t cut it: why you need zero trust endpoint security

CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

Related Posts