CVE-2025-53312 – OnionBuzz Looks Awesome CSRF Stored XSS

June 27, 2025

CVE ID : CVE-2025-53312

Published : June 27, 2025, 2:15 p.m. | 55 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in Looks Awesome OnionBuzz allows Stored XSS. This issue affects OnionBuzz: from n/a through 1.0.7.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53313 – Twitch TV Embed Suite CSRF Stored XSS

Next Article CVE-2025-53311 – Navayan Subscribe CSRF Stored XSS

Highlights

CVE-2025-32955 – Harden-Runner Docker Privilege Escalation Vulnerability

April 21, 2025

CVE ID : CVE-2025-32955

Published : April 21, 2025, 9:15 p.m. | 1 hour, 16 minutes ago

Description : Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. This issue has been patched in version 2.12.0.

Severity: 6.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

GitHub’s CEO Thomas Dohmke steps down, triggering tighter integration of company within Microsoft

bitHuman launches SDK for creating AI avatars

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

I found a Google Maps alternative that won’t track you or drain your battery – and it’s free

I tested this new AI podcast tool to see if it can beat NotebookLM – here’s how it did

Microsoft’s new update makes your taskbar a productivity hub – here’s how

Save $50 on the OnePlus Pad 3 plus get a free gift – here’s the deal

Laravel Global Scopes: Automatic Query Filtering

Laravel Global Scopes: Automatic Query Filtering

Building MCP Servers in PHP

Filament v4 is Stable!

I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

Madden NFL 26 Leads This Week’s Xbox Drops—But Don’t Miss These Hidden Gems

ASUS G14 Bulked Up for 2025—Still Sexy, Just a Bit Chonkier

CVE-2025-53312 – OnionBuzz Looks Awesome CSRF Stored XSS

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

WinRAR zero-day exploited in espionage attacks against high-value targets

WinRAR patches bug letting malware launch from extracted archives

Reminiscence is a self-hosted bookmark and archive manager

How to Connect Two Monitors to One Laptop (Without the Headache)

CVE-2025-25032 – IBM Cognos Analytics Memory Exhaustion Denial of Service

CVE-2025-32955 – Harden-Runner Docker Privilege Escalation Vulnerability

TikTok Researchers Introduce SWE-Perf: The First Benchmark for Repository-Level Code Performance Optimization

CVE-2025-49763 — Apache Traffic Server ESI Memory Exhaustion Flaw

CVE-2025-53792 – Azure Portal Unauthenticated Remote Command Injection

CVE-2025-53312 – OnionBuzz Looks Awesome CSRF Stored XSS

Related Posts