CVE-2025-36846 – An issue was discovered in Eveo URVE Web Manager 2

July 21, 2025

CVE ID : CVE-2025-36846

Published : July 21, 2025, 6:15 p.m. | 5 hours, 59 minutes ago

Description : An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shell_exec() function of PHP. NOTE: this can be chained with CVE-2025-36845.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2020-26799 – A reflected cross-site scripting (XSS) vulnerabili

Next Article CVE-2025-36845 – An issue was discovered in Eveo URVE Web Manager 2

Highlights

CVE-2025-2828 – Apache Langchain SSRF

June 23, 2025

CVE ID : CVE-2025-2828

Published : June 23, 2025, 9:15 p.m. | 1 hour, 29 minutes ago

Description : A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

EcoFlow’s new portable battery stations are lighter and more powerful (DC plug included)

7 ways Linux can save you money

My favorite Kindle tablet just got a kids model, and it makes so much sense

You can turn your Google Photos into video clips now – here’s how

Blade Service Injection: Direct Service Access in Laravel Templates

Blade Service Injection: Direct Service Access in Laravel Templates

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Retrieve the Currently Executing Closure in PHP 8.5

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

How to Open Control Panel in Windows 11

How to Shut Down Windows 11

CVE-2025-36846 – An issue was discovered in Eveo URVE Web Manager 2

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

CVE-2025-37826 – Linux Kernel UFS SCSI Null Pointer Dereference Vulnerability

My favorite Kindle tablet just got a kids model, and it makes so much sense

CVE-2025-5395 – WordPress Automatic Plugin Unvalidated File Upload Vulnerability

Empowering YouTube creators with generative AI

CVE-2025-2828 – Apache Langchain SSRF

CVE-2025-49260 – ThemBay Aora PHP Remote File Inclusion Vulnerability

CVE-2025-2092 – Checkmk GmbH Checkmk Log File Information Disclosure

Crims hijacking fully patched SonicWall VPNs to deploy stealthy backdoor and rootkit

CVE-2025-36846 – An issue was discovered in Eveo URVE Web Manager 2

Related Posts