CVE-2025-6694 – LabRedesCefetRJ WeGIA Cross-Site Scripting Vulnerability

June 26, 2025

CVE ID : CVE-2025-6694

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Adicionar Unidade. The manipulation of the argument Insira a nova unidade leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6706 – MongoDB Server Use After Free Vulnerability

Next Article CVE-2025-6677 – Drupal Paragraphs Cross-Site Scripting (XSS) Vulnerability

Highlights

CVE-2025-3881 – eCharge Hardy Barth cPH2 NTP Command Injection Remote Code Execution

May 22, 2025

CVE ID : CVE-2025-3881

Published : May 22, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the ntp parameter provided to the check_req.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23113.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-6694 – LabRedesCefetRJ WeGIA Cross-Site Scripting Vulnerability

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

Quantum AI: The Next Frontier in Solving Complex Business Problems🧠

Agentforce Release Event: See What’s New for AI

CVE-2025-47931 – LibreNMS Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2025-7057 – Wikimedia Foundation Mediawiki Quiz Extension Stored XSS Vulnerability

CVE-2025-3881 – eCharge Hardy Barth cPH2 NTP Command Injection Remote Code Execution

CVE-2025-3526 – Liferay Portal SessionClicks HTTP Session Memory Consumption Denial-of-Service (DoS)

CVE-2025-3862 – Contest Gallery WordPress Stored Cross-Site Scripting Vulnerability

How to Switch Monitor 1 and 2: The Real-World Fix for a Backward Setup

CVE-2025-6694 – LabRedesCefetRJ WeGIA Cross-Site Scripting Vulnerability

Related Posts