CVE-2025-5509 – Quequnlong Shiyi-Blog Remote Path Traversal Vulnerability

June 3, 2025

CVE ID : CVE-2025-5509

Published : June 3, 2025, 4:15 p.m. | 3 hours, 15 minutes ago

Description : A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-23107 – Samsung Exynos Out-of-Bounds Write Vulnerability

Next Article CVE-2025-5508 – TOTOLINK A3002RU Cross-Site Scripting Vulnerability

Highlights

CVE-2025-4194 – WordPress AlT Monitoring CSRF

May 17, 2025

CVE ID : CVE-2025-4194

Published : May 17, 2025, 4:16 a.m. | 28 minutes ago

Description : The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the ‘ALT_Monitoring_edit’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

ChatGPT now has an agent mode

Scrum Alliance and Kanban University partner to offer new course that teaches both methodologies

Is ChatGPT down? You’re not alone. Here’s what OpenAI is saying

I found a tablet that could replace my iPad and Kindle – and it’s worth every penny

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

Execute Ping Commands and Get Back Structured Data in PHP

Execute Ping Commands and Get Back Structured Data in PHP

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

Microsoft confirms active cyberattacks on SharePoint servers

How to Manually Check & Install Windows 11 Updates (Best Guide)

CVE-2025-5509 – Quequnlong Shiyi-Blog Remote Path Traversal Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

30+ Best Free Google Slides Templates for Designers & Professionals (2025)

This hidden Google Earth slider lets you travel up to 80 years back in time. Here’s how to try it

Ubuntu Devs Debate Splitting Linux Firmware to Reduce Size

CVE-2025-49134 – Weblate IP Address Disclosure Vulnerability

CVE-2025-4194 – WordPress AlT Monitoring CSRF

CVE-2025-25038 – MiniDVBLinux OS Command Injection Vulnerability

CVE-2025-5159 – H3C SecCenter SMP-E1114P02 Remote Path Traversal Vulnerability

Microsoft Edge lets you turn off the Copilot-inspired New Tab Page and built-in Copilot Search for good

CVE-2025-5509 – Quequnlong Shiyi-Blog Remote Path Traversal Vulnerability

Related Posts