CVE-2025-6774 – Gooaclok819 SublinkX Path Traversal Vulnerability

June 27, 2025

CVE ID : CVE-2025-6774

Published : June 27, 2025, 8:15 p.m. | 2 hours, 2 minutes ago

Description : A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been rated as critical. Affected by this issue is the function AddTemp of the file api/template.go. The manipulation of the argument filename leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9 is able to address this issue. The patch is identified as 778d26aef723daa58df98c8060c43f5bf5d1b10b. It is recommended to upgrade the affected component.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6775 – Xiaoyunjie OpenVPN-CMS-Flask Command Injection Vulnerability

Next Article CVE-2025-53094 – ESPAsyncWebServer CRLF Injection Vulnerability

Highlights

CVE-2025-2101 – Edumall WordPress Local File Inclusion Vulnerability

April 26, 2025

CVE ID : CVE-2025-2101

Published : April 26, 2025, 9:15 a.m. | 2 hours, 49 minutes ago

Description : The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the ‘template’ parameter of the ‘edumall_lazy_load_template’ AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-6774 – Gooaclok819 SublinkX Path Traversal Vulnerability

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

CVE-2024-48907 – Sematell ReplyOne 7.4.3.0 allows SSRF via the appl

20 Best Free and Open Source Linux Synthesizers

My search for the ultimate multitool for under $30 is finally over

4 Critical Security Flaws Patched in VMware Workstation Pro

CVE-2025-2101 – Edumall WordPress Local File Inclusion Vulnerability

No console needed — this discounted bundle comes with an Xbox Controller, Fire TV Stick 4K, and Game Pass Ultimate

CVE-2025-5936 – WordPress VR Calendar CSRF

CVE-2025-36016 – IBM Process Mining Open Redirect Phishing Vulnerability

CVE-2025-6774 – Gooaclok819 SublinkX Path Traversal Vulnerability

Related Posts