CVE-2025-47660 – Codexpert, Inc WC Affiliate Deserialization of Untrusted Data Object Injection Vulnerability

May 27, 2025

CVE ID : CVE-2025-47660

Published : May 23, 2025, 1:15 p.m. | 4 days ago

Description : Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate allows Object Injection. This issue affects WC Affiliate: from n/a through 2.9.1.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47663 – Mojoomla Hospital Management System Unrestricted File Upload Vulnerability

Next Article Voice AI and Conversational Interfaces: The Next Frontier in Insurance CX

Highlights

CVE-2025-54887 – jwe JSON Web Encryption Authentication Tag Brute Force Vulnerability

August 8, 2025

CVE ID : CVE-2025-54887

Published : Aug. 8, 2025, 1:15 a.m. | 22 hours, 44 minutes ago

Description : jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk because JWEs can be modified to decrypt to an arbitrary value, decrypted by observing parsing differences and the GCM internal GHASH key can be recovered. Users are affected by this vulnerability even if they do not use an AES-GCM encryption algorithm for their JWEs. As the GHASH key may have been leaked, users must rotate the encryption keys after upgrading. This issue is fixed in version 1.1.1.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

14 Best Free and Open Source Electronic Design Automation Tools

April 9, 2025

Why Guidewire Programs Fail: The Missing Layer of Assurance Enterprises Must Know

June 17, 2025

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

May 16, 2025

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CVE-2025-47660 – Codexpert, Inc WC Affiliate Deserialization of Untrusted Data Object Injection Vulnerability

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

CVE-2025-39403 – Mojoomla WPAMS SQL Injection

CVE-2025-21085 – PingFederate PostgreSQL OAuth2 Memory Exhaustion

CVE-2025-48336 – ThimPress Course Builder Object Injection Vulnerability

CVE-2025-7463 – Tenda FH1201 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-54887 – jwe JSON Web Encryption Authentication Tag Brute Force Vulnerability

14 Best Free and Open Source Electronic Design Automation Tools

Why Guidewire Programs Fail: The Missing Layer of Assurance Enterprises Must Know

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

CVE-2025-47660 – Codexpert, Inc WC Affiliate Deserialization of Untrusted Data Object Injection Vulnerability

Related Posts