CVE-2025-40915 – Mojolicious::Plugin::CSRF Weak Random Number Generation CSRF Vulnerability

June 11, 2025

CVE ID : CVE-2025-40915

Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago

Description : Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.

That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.

Severity: 7.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-22874 – DigiCert SSL Verify Certificate Validation Bypass

Next Article CVE-2025-4673 – Apache Web Server HTTP Header Information Disclosure

Highlights

CVE-2025-4857 – WordPress Newsletters Plugin Local File Inclusion Vulnerability

May 31, 2025

CVE ID : CVE-2025-4857

Published : May 31, 2025, 12:15 p.m. | 1 hour, 28 minutes ago

Description : The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the ‘file’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Optimizely Mission Control – Part III

Optimizely Mission Control – Part III

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

CVE-2025-40915 – Mojolicious::Plugin::CSRF Weak Random Number Generation CSRF Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Scaling Diffusion Language Models via Adaptation from Autoregressive Models

ABBYY’s new OCR API enables developers to more easily extract data from documents

CVE-2025-5982 – GitLab EE IP Access Restriction Bypass Vulnerability

Black Hat USA 2025 CISO Podcast Series Episode 5 Out Now

CVE-2025-4857 – WordPress Newsletters Plugin Local File Inclusion Vulnerability

CVE-2025-4836 – Projectworlds Life Insurance Management System SQL Injection

CVE-2025-4649 – Centreon Web Privilege Escalation Vulnerability

CVE-2011-10027 – AOL Desktop Buffer Overflow Vulnerability

CVE-2025-40915 – Mojolicious::Plugin::CSRF Weak Random Number Generation CSRF Vulnerability

Related Posts