CVE-2025-8522 – Givanz Vvvebjs Node.js File Path Traversal Vulnerability

August 4, 2025

CVE ID : CVE-2025-8522

Published : Aug. 4, 2025, 7:15 p.m. | 4 hours, 28 minutes ago

Description : A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-50340 – SOGo Webmail IDOR Email Spoofing

Next Article CVE-2025-8521 – Givanz Vvveb Add Type Handler Cross-Site Scripting Vulnerability

Highlights

CVE-2025-35006 – Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

June 8, 2025

CVE ID : CVE-2025-35006

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-8522 – Givanz Vvvebjs Node.js File Path Traversal Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-38223 – Ceph: Kernel BUG on encrypted inode with unaligned file size

CVE-2025-3816 – Westboy CicadasCMS OS Command Injection Vulnerability

Bethesda’s Oblivion Remastered reaches massive milestone that makes it the Xbox Game Pass hit of the summer — but ‘Mixed’ Steam reviews highlight a huge problem

CVE-2025-53339 – Devnex Addons For Elementor PHP Remote File Inclusion Vulnerability

CVE-2025-35006 – Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

Bilt Rewards now lets you pay your student loans with points

Best Free and Open Source Alternatives to Microsoft Loop

The Last Signal

CVE-2025-8522 – Givanz Vvvebjs Node.js File Path Traversal Vulnerability

Related Posts