CybrWolf

CVE-2025-49127: Unauthenticated Remote Code Execution in Kafbat UI

What CVE-2025-49127 is and how to mitigate it

CVE-2025-49127 is a recently disclosed high-severity vulnerability affecting Kafbat UI, a web interface for managing Apache Kafka clusters. The flaw allows unauthenticated attackers to execute arbitrary code on the server via unsafe deserialization in version 1.0.0. This vulnerability has been addressed in version 1.1.0.

Vulnerability Details

Exploitation Path

The vulnerability arises from unsafe deserialization in […]

CVE-2025-5733: Full Path Disclosure Vulnerability in Modern Events Calendar Lite Plugin for WordPress

What CVE-2025-5733 is and how to mitigate it

CVE-2025-5733 is a recently disclosed vulnerability affecting the Modern Events Calendar Lite plugin for WordPress (versions ≤ 7.21.9). The flaw allows unauthenticated attackers to retrieve the full path of the web application, potentially aiding in further attacks.

Vulnerability Details

Exploitation Path

The vulnerability stems from improper validation of the id property when exporting calendars. This […]