CVE-2025-52888 – “Allure Report XXE Injection Vulnerability”

June 24, 2025

CVE ID : CVE-2025-52888

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser (`DocumentBuilderFactory`) and allows external entity expansion when processing test result .xml files. This allows attackers to read arbitrary files from the file system and potentially trigger server-side request forgery (SSRF). Version 2.34.1 contains a patch for the issue.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53021 – “Moodle Session Fixation Vulnerability”

Next Article CVE-2025-52882 – Claude Code WebSocket Remote Code Execution (RCE)

Highlights

CVE-2025-7553 – D-Link DIR-818LW Remote OS Command Injection Vulnerability

July 13, 2025

CVE ID : CVE-2025-7553

Published : July 14, 2025, 12:15 a.m. | 15 minutes ago

Description : A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-52888 – “Allure Report XXE Injection Vulnerability”

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

What is the Role of User Experience (UX) in Organic Search Rankings

CVE-2025-6550 – Elementor Pack Stored Cross-Site Scripting Vulnerability

Smashing Security podcast #417: Hello, Pervert! – Sextortion scams and Discord disasters

Xnec2c – graphical NEC2 antenna simulation

CVE-2025-7553 – D-Link DIR-818LW Remote OS Command Injection Vulnerability

CVE-2025-2772 – BEC Technologies Router Credentials Disclosure Vulnerability

Flyby tracks and predicts passes of satellites in Earth orbit

Gradebook – keep track of your grades

CVE-2025-52888 – “Allure Report XXE Injection Vulnerability”

Related Posts