CVE-2025-50286 – Grav CMS Remote Code Execution

August 6, 2025

CVE ID : CVE-2025-50286

Published : Aug. 6, 2025, 3:15 p.m. | 8 hours, 29 minutes ago

Description : A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53786 – Microsoft Exchange Server Hybrid Deployment Authentication Bypass Vulnerability

Next Article CVE-2025-3320 – IBM Tivoli Monitoring Heap-Based Buffer Overflow Vulnerability

Highlights

CVE-2025-34129 – LILIN Digital Video Recorder (DVR) Command Injection Vulnerability

July 16, 2025

CVE ID : CVE-2025-34129

Published : July 16, 2025, 10:15 p.m. | 4 hours, 47 minutes ago

Description : A command injection vulnerability exists in LILIN LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

Melissa brings its data quality solutions to Azure with new SSIS integration

Automating Design Systems: Tips And Resources For Getting Started

This $180 mini projector has no business being this good for the price

GPT-5 is finally here, and you can access it for free today – no subscription needed

Changing this Android setting instantly doubled my phone speed (Samsung and Google models included)

ChatGPT can now talk nerdy to you – plus more personalities and other upgrades beyond GPT-5

Advanced Application Architecture through Laravel’s Service Container Management

Advanced Application Architecture through Laravel’s Service Container Management

Switch Between Personas in Laravel With the MultiPersona Package

AI-Driven Smart Tagging and Metadata in AEM Assets

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Halo Infinite’s Fall Update: New Features and Modes to Revive the Game?

Forza Motorsport’s Future in Jeopardy: Fans Demand Clarity from Microsoft

CVE-2025-50286 – Grav CMS Remote Code Execution

Microsoft to Pull Plug on Shared EWS Access in Hybrid Exchange by October

Google Confirms Salesforce Database Breach by ShinyHunters Group

CVE-2025-7624 – An SQL injection vulnerability in the legacy (tran

Understanding Memory Page Sizes on Arm64

Don’t buy the wrong microSD card for your Nintendo Switch 2 – this one’s my pick

Website Design Services in Bangalore from Bookspotz Led by Digital Marketing Legend Srinidhi Ranganathan

CVE-2025-34129 – LILIN Digital Video Recorder (DVR) Command Injection Vulnerability

Apple ‘AirBorne’ flaws can lead to zero-click AirPlay RCE attacks

Intelligent Automation in the Healthcare Sector with n8n, OpenAI, and Pinecone

CVE-2025-48382 – Apache Fess Temporary File Information Disclosure Vulnerability

CVE-2025-50286 – Grav CMS Remote Code Execution

Related Posts