CVE-2025-24779 – NooTheme Yogi Deserialization of Untrusted Data Object Injection Vulnerability

July 16, 2025

CVE ID : CVE-2025-24779

Published : July 16, 2025, 12:15 p.m. | 5 hours, 59 minutes ago

Description : Deserialization of Untrusted Data vulnerability in NooTheme Yogi allows Object Injection. This issue affects Yogi: from n/a through 2.9.0.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-28959 – “MD Yeasin Ul Haider URL Shortener SQL Injection”

Next Article CVE-2025-24777 – Awethemes Hillter Object Injection Vulnerability

Highlights

CVE-2025-46336 – Rack::Session Pool Session Restoration Vulnerability

May 8, 2025

CVE ID : CVE-2025-46336

Published : May 8, 2025, 8:15 p.m. | 3 hours, 22 minutes ago

Description : Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft Graph CLI to be retired

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

I asked AI to modify mission-critical code, and what happened next haunts me

Why you should delete your browser extensions right now – or do this to stay safe

Dolby Vision 2 comes with big upgrades – here’s which TVs get them first

This one small feature makes this travel charger my favorite for business trips

Laracon AU 2025 Talk Titles Revealed

Laracon AU 2025 Talk Titles Revealed

Stop Writing Bad Controllers: Laravel Custom Collections Transform Your Code

Handle ownership relationships between Eloquent models with Laravel Ownable

Lenovo Legion Go 2 confirmed with Ryzen Z2 Extreme, 1200p OLED 144Hz display & 74Wh battery

Lenovo Legion Go 2 confirmed with Ryzen Z2 Extreme, 1200p OLED 144Hz display & 74Wh battery

How to Open Ports in Firewall on Windows Server

Google TV Remote Not Working? 5 Quick Fixes

CVE-2025-24779 – NooTheme Yogi Deserialization of Untrusted Data Object Injection Vulnerability

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware

CVE-2025-5934 – Netgear EX3700 Stack-Based Buffer Overflow Vulnerability

CVE-2025-9175 – Neurobin SHC Stack-Based Buffer Overflow

CVE-2024-38341 – IBM Sterling Secure Proxy Weak Cryptographic Algorithm Vulnerability

CVE-2025-23310 – NVIDIA Triton Inference Server Stack Buffer Overflow Vulnerability

CVE-2025-46336 – Rack::Session Pool Session Restoration Vulnerability

From Art School Drop-out to Microsoft Engineer with Shashi Lo [Podcast #170]

WSJT-X is designed for weak-signal digital communication by amateur radio

CVE-2025-36630 – Nessus Windows Local Privilege Escalation Vulnerability

CVE-2025-24779 – NooTheme Yogi Deserialization of Untrusted Data Object Injection Vulnerability

Related Posts