CVE CyberSecurity Database News (Page 60)

Apr 28, 2025 Java

CVE-2025-22235 - Security Bypass in Spring Security EndpointRequest.to() When Endpoint is Disabled or Not Exposed

In early 2025, a new vulnerability was assigned as CVE-2025-22235, affecting applications that rely on Spring Security to protect application endpoints. This particular weakness is

Apr 28, 2025 XSS WordPress Exploit

CVE-2024-9771 - How a Stored XSS in WP-Recall Plugin Let Admins Attack WordPress Sites Even Without “Unfiltered HTML”

A significant security bug, tracked as CVE-2024-9771, was discovered in the popular WP-Recall WordPress plugin. This vulnerability affects all versions before 16.26.12. What

Apr 28, 2025 WordPress

CVE-2024-13688 - How A Hardcoded Password in Admin and Site Enhancements (ASE) Plugin Let Attackers Sneak Past WordPress Protection

WordPress is an incredible platform, but its popularity makes it a favorite target for hackers. Security plugins are designed to keep your site safe, but

Apr 27, 2025 Windows Microsoft API Exploit

CVE-2025-46579 - DDE Injection Vulnerability in GoldenDB – How Hackers Can Sneak in Commands

GoldenDB is a well-known database product that’s widely used in financial and commercial sectors. Recently, security researchers have identified a serious vulnerability—CVE-2025-46579—that

Apr 26, 2025

CVE-2025-46653 - How a Weak Random Token in Formidable Puts Your Uploads at Risk

Formidable (aka node-formidable) is a popular Node.js module for parsing form data, including file uploads. It's used by thousands of projects worldwide.