CVE-2025-7766 – Lantronix Provisioning Manager XML External Entity Injection RCE

July 22, 2025

CVE ID : CVE-2025-7766

Published : July 22, 2025, 10:15 p.m. | 2 hours, 29 minutes ago

Description : Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-54138 – LibreNMS Remote File Inclusion Vulnerability

Next Article CVE-2025-54072 – Yt-dlp Windows Remote Code Execution Vulnerability

Highlights

CVE-2025-5140 – Seeyon Zhiyuan OA Web Application System Server-Side Request Forgery Vulnerability

May 25, 2025

CVE ID : CVE-2025-5140

Published : May 25, 2025, 2:15 a.m. | 2 hours, 48 minutes ago

Description : A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This affects the function this.oursNetService.getData of the file comourswwwehropenPlatform1open4ClientTypecontrollerThirdMenuController.class. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Development Release: KDE Linux 20250906

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

Health Monitoring Android App using SQLite

Health Monitoring Android App using SQLite

Convertedbook – Live LaTeX Preview in the Browser

Why browsers throttle JavaScript timers (and what to do about it)

Development Release: KDE Linux 20250906

Development Release: KDE Linux 20250906

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

CVE-2025-7766 – Lantronix Provisioning Manager XML External Entity Injection RCE

Under lock and key: Safeguarding business data with encryption

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Hugging Face Releases SmolVLA: A Compact Vision-Language-Action Model for Affordable and Efficient Robotics

No, Microsoft and Xbox’s Phil Spencer isn’t stepping down any time soon — here’s the truth

You can save up to $700 on my favorite Bluetti power stations for Labor Day

Microsoft Authenticator is losing autofill but the tech giant already has a replacement

CVE-2025-5140 – Seeyon Zhiyuan OA Web Application System Server-Side Request Forgery Vulnerability

CVE-2025-54943 – SUNNET Corporate Training Management System Authentication Bypass

Rust compie 10 anni: storia di una rivoluzione che sta cambiando il mondo della programmazione di sistema

CVE-2025-43549 – Substance3D Use After Free Arbitrary Code Execution Vulnerability

CVE-2025-7766 – Lantronix Provisioning Manager XML External Entity Injection RCE

Related Posts