CVE-2025-40726 – Nosto Reflected Cross-Site Scripting (XSS)

June 16, 2025

CVE ID : CVE-2025-40726

Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago

Description : Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40727 – Phoenix Site CMS Reflected Cross Site Scripting (XSS)

Next Article CVE-2025-3464 – ASUS Armoury Crate Authentication Bypass

Highlights

CVE-2025-5644 – Radare2 Use After Free Vulnerability in r_cons_flush Function

June 5, 2025

CVE ID : CVE-2025-5644

Published : June 5, 2025, 7:15 a.m. | 4 hours, 25 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.

Severity: 2.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-40726 – Nosto Reflected Cross-Site Scripting (XSS)

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

Authorities Seize Over 100 Servers of the Pro‑Russian NoName057(16) Hacktivist Network

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-51954 – ElectronHub AI Playground XSS

CVE-2025-5644 – Radare2 Use After Free Vulnerability in r_cons_flush Function

I tried Google’s new agentic IDE, and it blows away the popular VS Code – here’s how

Veo3API.ai: Affordable Veo 3 API with Fast/Turbo & Quality Modes

The Middle(ware) Child

CVE-2025-40726 – Nosto Reflected Cross-Site Scripting (XSS)

Related Posts