CVE-2025-46612 – Airleader Master and Easy JSP File Upload Remote Command Execution

June 10, 2025

CVE ID : CVE-2025-46612

Published : June 10, 2025, 3:15 p.m. | 1 hour, 35 minutes ago

Description : The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-41797 – Siemens SCALANCE and RUGGEDCOM Authentication Bypass Vulnerability

Next Article CVE-2025-5353 – Ivanti Workspace Control SQL Credential Decryption Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-46612 – Airleader Master and Easy JSP File Upload Remote Command Execution

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Paragon Spyware used to Spy on European Journalists

CVE-2025-4323 – Apache MRCMS Cross Site Scripting Vulnerability

CVE-2025-5638 – PHPGurukul Notice Board System SQL Injection Vulnerability

CVE-2025-43861 – ManageWiki Stored and Reflected XSS Vulnerability

CVE-2025-3811 – WordPress WPBookit Privilege Escalation Account Takeover Vulnerability

Cisco SD-WAN Vulnerabilities: PoC Exists for XSS and Filter Bypass

Mark Zuckerberg says Meta is developing AI friends to beat “the loneliness epidemic” — after Bill Gates claimed AI will replace humans for most things

CVE-2025-3852 – WordPress WPshop E-Commerce Privilege Escalation Vulnerability

Mem0: A Scalable Memory Architecture Enabling Persistent, Structured Recall for Long-Term AI Conversations Across Sessions

CVE-2025-46612 – Airleader Master and Easy JSP File Upload Remote Command Execution

Related Posts