CVE-2025-23001 - Host Header Injection in CTFd 3.7.5 — How This Severe Bug Endangers Your CTF Platform
---
CTFd is one of the most popular platforms for hosting Capture The Flag (CTF) competitions — thousands of schools, companies, and security communities use it.
CVE-2024-53584 - OS Command Injection in OpenPanel v.3.4 via `timezone` Parameter
OpenPanel is a popular web-based server control panel, widely used for managing server tasks with a simple graphical interface. In May 2024, a critical security
CVE-2024-57432 - Exploiting Insecure Permissions in macrozheng mall-tiny 1..1 with Hardcoded JWT Secrets (Exclusive Guide)
The macrozheng mall-tiny project (version 1..1) is a lightweight e-commerce platform widely used for learning and small business solutions. However, a severe vulnerability—CVE-2024-57432—
CVE-2024-47857 - PrivX SSH Proxy Flaw Lets Users Impersonate Accounts – Exploit Demo & Analysis
CVE-2024-47857 is a newly discovered critical vulnerability in PrivX, an SSH access management tool developed by SSH Communications Security. This flaw impacts PrivX versions 18.