CVE-2025-9095 – ExpressGateway Cross-Site Scripting Vulnerability

August 17, 2025

CVE ID : CVE-2025-9095

Published : Aug. 17, 2025, 11:15 p.m. | 2 hours, 56 minutes ago

Description : A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-9096 – ExpressGateway Cross-Site Scripting Vulnerability

Next Article CVE-2025-9094 – ThingsBoard Template Engine Remote Code Injection Vulnerability

Highlights

CVE-2025-55159 – Apache Slab Uninitialized Memory Access Vulnerability

August 11, 2025

CVE ID : CVE-2025-55159

Published : Aug. 11, 2025, 11:15 p.m. | 53 minutes ago

Description : slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab’s capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue involves to avoid using get_disjoint_mut with indices that might be beyond the slab’s actual length.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The best Xbox controller money can buy just got even better thanks to one update from Razer — especially if you’re also a PC gamer

April 14, 2025

CVE-2025-4114 – Netgear JWNR2000 Buffer Overflow Vulnerability

April 30, 2025

CVE-2025-5737 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

June 6, 2025

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Your smart home device just got a performance and security boost for free

Ultrahuman brings advanced cycle and ovulation tracking to its smart ring

DistroWatch Weekly, Issue 1135

14 secret phone codes that unlock hidden features on your Android and iPhone

Air Quality Prediction System using Python ML

Air Quality Prediction System using Python ML

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

DistroWatch Weekly, Issue 1135

DistroWatch Weekly, Issue 1135

Ubuntu’s New “Dangerous” Daily Builds – What Are They?

gofmt – formats Go programs

CVE-2025-9095 – ExpressGateway Cross-Site Scripting Vulnerability

CVE-2025-9090 – Tenda Telnet Service Command Injection

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

How to Deploy Laravel Projects to Live Server: The Ultimate Guide

CVE-2025-53376 – Dokploy Docker Command Injection Vulnerability

Red White and Bruh Shirt

CVE-2025-54887 – jwe JSON Web Encryption Authentication Tag Brute Force Vulnerability

CVE-2025-55159 – Apache Slab Uninitialized Memory Access Vulnerability

The best Xbox controller money can buy just got even better thanks to one update from Razer — especially if you’re also a PC gamer

CVE-2025-4114 – Netgear JWNR2000 Buffer Overflow Vulnerability

CVE-2025-5737 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-9095 – ExpressGateway Cross-Site Scripting Vulnerability

Related Posts