CybrWolf

CVE-2025-49127: Unauthenticated Remote Code Execution in Kafbat UI

CVE-2025-49127 is a recently disclosed high-severity vulnerability affecting Kafbat UI, a web interface for managing Apache Kafka clusters. The flaw allows unauthenticated attackers to execute arbitrary code on the server via unsafe deserialization in version 1.0.0. This vulnerability has been addressed in version 1.1.0. Vulnerability Details / Exploitation Path: The vulnerability arises from unsafe deserialization in […]

CVE-2025-5733: Full Path Disclosure Vulnerability in Modern Events Calendar Lite Plugin for WordPress

CVE-2025-5733 is a recently disclosed vulnerability affecting the Modern Events Calendar Lite plugin for WordPress (versions ≤ 7.21.9). The flaw allows unauthenticated attackers to retrieve the full path of the web application, potentially aiding in further attacks. Vulnerability Details / Exploitation Path: The vulnerability stems from improper validation of the id property when exporting calendars. This […]

CVE-2025-5419: High-Severity Zero-Day Vulnerability in Google Chrome’s V8 Engine

CVE-2025-5419 is a recently disclosed high-severity vulnerability affecting Google Chrome’s V8 JavaScript engine. This out-of-bounds read and write flaw allows remote attackers to potentially exploit heap corruption via crafted HTML pages. The vulnerability has been actively exploited in the wild, prompting Google to release an emergency update to address the issue. Vulnerability Details / Exploitation Path […]

CVE-2025-4224: Stored Cross-Site Scripting Vulnerability in wpForo Advanced Attachments Plugin

CVE-2025-4224 is a recently disclosed vulnerability affecting the wpForo + wpForo Advanced Attachments plugin for WordPress. Versions ≤ 3.1.3 are susceptible to a Stored Cross-Site Scripting (XSS) vulnerability, allowing authenticated users with Custom-level access or higher to inject malicious scripts via media upload names. In this post, we’ll walk through what the vulnerability means, who’s […]

CVE-2025-4857: Local File Inclusion Vulnerability in Newsletters Plugin for WordPress

CVE-2025-4857 is a recently disclosed vulnerability affecting the widely used Newsletters plugin for WordPress (versions ≤ 4.9.9.9). The flaw allows for Local File Inclusion (LFI), which could enable an attacker with Administrator-level access and above to execute unauthorized files on the server. In this post, we’ll walk through what the vulnerability means, who’s affected, and […]