CVE-2025-48757 – Lovable Database Row-Level Security Bypass (Remote Unauthenticated)

May 30, 2025

CVE ID : CVE-2025-48757

Published : May 30, 2025, 3:15 a.m. | 1 hour, 44 minutes ago

Description : An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-44612 – Tinxy WiFi Lock Controller Remote Information Disclosure

Next Article CVE-2024-12224 – Servo rust-url IDNA Punycode Equivalence Validation Vulnerability

Highlights

CVE-2025-50067 – Oracle Application Express Strategic Planner Starter App HTTP Takeover Vulnerability

July 16, 2025

CVE ID : CVE-2025-50067

Published : July 15, 2025, 8:15 p.m. | 6 hours, 44 minutes ago

Description : Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are 24.2.4 and 24.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Application Express. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Kong AI Gateway 3.11 introduces new method for reducing token costs

Native vs hybrid vs cross-platform: Resolving the trilemma

JetBrains updates Junie, Gemini API adds embedding model, and more – Daily News Digest

Cyberpunk 2077 Update 2.3 is bringing more vehicle customization, photo mode options, and one amazing new feature — launching this week

The cheapest place to get my games just got even cheaper — get an extra 10% off while you can

Destiny 2: The Edge of Fate reviews open ‘Mixed’ on Steam, with a player count only a fraction of The Final Shape’s — I’m surprised it’s this low after a new expansion

A rare opportunity is here to get an HP gaming laptop for only $500 — NVIDIA RTX graphics and a 144Hz display at a bargain price

The details of TC39’s last meeting

The details of TC39’s last meeting

Vector Search Embeddings and RAG

Python Meets Power Automate: Trigger via URL

FOSS Weekly #25.29: End of Ubuntu 24.10, AUR Issue, Terminal Tips, Screenshot Editing and More Linux Stuff

FOSS Weekly #25.29: End of Ubuntu 24.10, AUR Issue, Terminal Tips, Screenshot Editing and More Linux Stuff

Cyberpunk 2077 Update 2.3 is bringing more vehicle customization, photo mode options, and one amazing new feature — launching this week

The cheapest place to get my games just got even cheaper — get an extra 10% off while you can

CVE-2025-48757 – Lovable Database Row-Level Security Bypass (Remote Unauthenticated)

CVE-2025-7712 – The Madara WordPress Core Plugin Unvalidated File Deletion Vulnerability

CVE-2025-7735 – UNIMAX Hospital Information System SQL Injection

CVE-2025-46552 – GitHub KHC-INVITATION-AUTOMATION Unauthenticated User Data Disclosure

What is Google Veo AI

CVE-2025-5361 – Campcodes Online Hospital Management System SQL Injection Vulnerability

CVE-2025-46812 – Trix Cross-Site Scripting Vulnerability

CVE-2025-50067 – Oracle Application Express Strategic Planner Starter App HTTP Takeover Vulnerability

Cinecred creates film credits without the pain

CVE-2025-3994 – TOTOLINK N150RT Cross-Site Scripting Vulnerability

CVE-2025-5358 – “PHPGurukul/Campcodes Cyber Cafe Management System SQL Injection Vulnerability”

CVE-2025-48757 – Lovable Database Row-Level Security Bypass (Remote Unauthenticated)

Related Posts