A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8526 is a medium-severity vulnerability affecting Exrick xboot versions 3.3.0 through 3.3.4. The vulnerability exists in the Upload function of the UploadController.java file within the xboot-fast module. Specifically, the flaw allows an attacker to manipulate the File argument to perform an unrestricted file upload. This means that an attacker can remotely upload arbitrary files to the server without proper validation or authorization checks. The vulnerability does not require user interaction and can be exploited remotely with low attack complexity and no privileges required, although some level of privileges (PR:L) is indicated in the CVSS vector, suggesting limited privileges may be needed. The CVSS 4.0 score is 5.3 (medium), reflecting a moderate impact on confidentiality, integrity, and availability with limited scope and vector complexity. The unrestricted upload can lead to several attack scenarios including uploading web shells, malware, or other malicious files that could compromise the server, lead to remote code execution, data leakage, or service disruption. Although no known exploits in the wild have been reported yet, the public disclosure of the exploit code increases the risk of exploitation. The vulnerability affects a widely used Java-based rapid development platform, Exrick xboot, which is popular for building enterprise applications. The lack of patch links suggests that a fix may not yet be available or publicly announced, increasing the urgency for organizations to implement mitigations.

CVE Database V5

Detailed information about CVE-2025-8526: Unrestricted Upload in Exrick xboot affecting Exrick xboot. Get real-time updates, technical details, and mitigation s

CVE-2025-8526: Unrestricted Upload in Exrick xboot - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8526: Unrestricted Upload in Exrick xboot

Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack the admin session and, by leveraging the template editor, upload and execute a PHP web shell on the server, leading to full remote code execution.

CVE-2025-50754 is a critical security vulnerability identified in Unisite CMS version 5.0, specifically within its "Report" functionality. The vulnerability is a stored Cross-Site Scripting (XSS) flaw that allows an attacker to inject malicious scripts into the system. When an administrator views the compromised report, the malicious script executes in the context of the admin panel, enabling the attacker to hijack the administrator's session. This session hijacking is a pivotal step that grants the attacker elevated privileges within the CMS environment. Leveraging these privileges, the attacker can access the template editor feature of the CMS, which is intended for modifying website templates. Through this editor, the attacker can upload and execute a PHP web shell on the server. The web shell provides a backdoor for the attacker, allowing full remote code execution (RCE) on the server hosting the CMS. This chain of exploitation—from stored XSS to session hijacking to RCE—makes this vulnerability particularly dangerous. The absence of a CVSS score indicates that this vulnerability is newly disclosed, but the technical details clearly demonstrate a high-impact threat vector. The vulnerability requires that an attacker can submit malicious input to the report functionality and that an administrator views the infected report, implying some level of user interaction is necessary. However, once exploited, the attacker gains complete control over the server, which can lead to data theft, defacement, lateral movement within the network, or deployment of further malware.

Detailed information about CVE-2025-50754: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-50754: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-50754: n/a

CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification mechanisms, particularly on systems without strict SmartScreen or trust policy enforcement. Additionally, the installer lacks High Entropy Address Space Layout Randomization (ASLR), as confirmed by BinSkim (BA2015 rule) and repeated WinDbg analysis. The binary consistently loads into predictable memory ranges, increasing the success rate of memory corruption exploits. These two misconfigurations, when combined, significantly lower the bar for successful supply-chain style attacks or privilege escalation through fake installers.

CVE-2025-51726 identifies critical security weaknesses in the CyberGhostVPNSetup.exe Windows installer. The installer is signed using the deprecated SHA-1 cryptographic hash algorithm, which is vulnerable to collision attacks. This vulnerability enables an attacker to create a malicious installer with a forged SHA-1 signature that could be accepted by Windows signature verification mechanisms, especially on systems lacking strict SmartScreen or trust policy enforcement. This undermines the trust model of code signing, allowing supply-chain style attacks where users may unknowingly install compromised software. Additionally, the installer binary does not implement High Entropy Address Space Layout Randomization (ASLR), as confirmed by BinSkim (BA2015 rule) and WinDbg analysis. Without high entropy ASLR, the binary loads into predictable memory addresses, significantly increasing the likelihood of successful memory corruption exploits such as buffer overflows or use-after-free vulnerabilities. The combination of weak signature verification and predictable memory layout substantially lowers the difficulty for attackers to perform privilege escalation or execute arbitrary code via fake installers. Although no known exploits are currently reported in the wild, these weaknesses present a serious risk to the integrity and security of systems running this installer, particularly in environments with lax signature verification policies or outdated Windows versions. The absence of a CVSS score necessitates an assessment based on the potential impact and exploitability factors.

Detailed information about CVE-2025-51726: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51726: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51726: n/a

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution.

CVE-2025-51387 is a critical vulnerability affecting GitKraken Desktop versions 10.8.0 and 11.1.0, stemming from misconfigurations in the Electron framework's Fuse settings. Electron Fuses are security mechanisms designed to restrict the capabilities of Electron applications, preventing them from executing potentially dangerous operations. In this case, the vulnerability arises because the 'RunAsNode' fuse is enabled, allowing the application to run in Node.js mode, and the 'EnableNodeCliInspectArguments' fuse is not disabled, which permits passing Node.js CLI inspection arguments. This combination enables an attacker to execute arbitrary code within the context of the GitKraken Desktop application by injecting malicious arguments that the application processes as Node.js commands. Since GitKraken is a widely used Git client for developers, this vulnerability could be exploited to execute malicious code on the victim's machine, potentially leading to unauthorized access, data theft, or further compromise of the development environment. The vulnerability does not require user interaction beyond launching the application with crafted arguments, and no authentication is needed to exploit it if the attacker can influence the application's startup parameters. No known exploits are currently reported in the wild, and no official patches or mitigations have been published at the time of this analysis.

Detailed information about CVE-2025-51387: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51387: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51387: n/a

The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was found to be vulnerable to postMessage-based XSS because it allows a remote non-authenticated attacker to inject JavaScript into the fragment portlet URL.

Detailed information about CVE-2025-4599: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal a