Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack the admin session and, by leveraging the template editor, upload and execute a PHP web shell on the server, leading to full remote code execution.

CVE-2025-50754 is a critical security vulnerability identified in Unisite CMS version 5.0, specifically within its "Report" functionality. The vulnerability is a stored Cross-Site Scripting (XSS) flaw that allows an attacker to inject malicious scripts into the system. When an administrator views the compromised report, the malicious script executes in the context of the admin panel, enabling the attacker to hijack the administrator's session. This session hijacking is a pivotal step that grants the attacker elevated privileges within the CMS environment. Leveraging these privileges, the attacker can access the template editor feature of the CMS, which is intended for modifying website templates. Through this editor, the attacker can upload and execute a PHP web shell on the server. The web shell provides a backdoor for the attacker, allowing full remote code execution (RCE) on the server hosting the CMS. This chain of exploitation—from stored XSS to session hijacking to RCE—makes this vulnerability particularly dangerous. The absence of a CVSS score indicates that this vulnerability is newly disclosed, but the technical details clearly demonstrate a high-impact threat vector. The vulnerability requires that an attacker can submit malicious input to the report functionality and that an administrator views the infected report, implying some level of user interaction is necessary. However, once exploited, the attacker gains complete control over the server, which can lead to data theft, defacement, lateral movement within the network, or deployment of further malware.

CVE Database V5

Detailed information about CVE-2025-50754: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-50754: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-50754: n/a

CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification mechanisms, particularly on systems without strict SmartScreen or trust policy enforcement. Additionally, the installer lacks High Entropy Address Space Layout Randomization (ASLR), as confirmed by BinSkim (BA2015 rule) and repeated WinDbg analysis. The binary consistently loads into predictable memory ranges, increasing the success rate of memory corruption exploits. These two misconfigurations, when combined, significantly lower the bar for successful supply-chain style attacks or privilege escalation through fake installers.

CVE-2025-51726 identifies critical security weaknesses in the CyberGhostVPNSetup.exe Windows installer. The installer is signed using the deprecated SHA-1 cryptographic hash algorithm, which is vulnerable to collision attacks. This vulnerability enables an attacker to create a malicious installer with a forged SHA-1 signature that could be accepted by Windows signature verification mechanisms, especially on systems lacking strict SmartScreen or trust policy enforcement. This undermines the trust model of code signing, allowing supply-chain style attacks where users may unknowingly install compromised software. Additionally, the installer binary does not implement High Entropy Address Space Layout Randomization (ASLR), as confirmed by BinSkim (BA2015 rule) and WinDbg analysis. Without high entropy ASLR, the binary loads into predictable memory addresses, significantly increasing the likelihood of successful memory corruption exploits such as buffer overflows or use-after-free vulnerabilities. The combination of weak signature verification and predictable memory layout substantially lowers the difficulty for attackers to perform privilege escalation or execute arbitrary code via fake installers. Although no known exploits are currently reported in the wild, these weaknesses present a serious risk to the integrity and security of systems running this installer, particularly in environments with lax signature verification policies or outdated Windows versions. The absence of a CVSS score necessitates an assessment based on the potential impact and exploitability factors.

Detailed information about CVE-2025-51726: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51726: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51726: n/a

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution.

CVE-2025-51387 is a critical vulnerability affecting GitKraken Desktop versions 10.8.0 and 11.1.0, stemming from misconfigurations in the Electron framework's Fuse settings. Electron Fuses are security mechanisms designed to restrict the capabilities of Electron applications, preventing them from executing potentially dangerous operations. In this case, the vulnerability arises because the 'RunAsNode' fuse is enabled, allowing the application to run in Node.js mode, and the 'EnableNodeCliInspectArguments' fuse is not disabled, which permits passing Node.js CLI inspection arguments. This combination enables an attacker to execute arbitrary code within the context of the GitKraken Desktop application by injecting malicious arguments that the application processes as Node.js commands. Since GitKraken is a widely used Git client for developers, this vulnerability could be exploited to execute malicious code on the victim's machine, potentially leading to unauthorized access, data theft, or further compromise of the development environment. The vulnerability does not require user interaction beyond launching the application with crafted arguments, and no authentication is needed to exploit it if the attacker can influence the application's startup parameters. No known exploits are currently reported in the wild, and no official patches or mitigations have been published at the time of this analysis.

Detailed information about CVE-2025-51387: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51387: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51387: n/a

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8525 is an information disclosure vulnerability identified in Exrick xboot versions up to 3.3.4. The vulnerability stems from a problematic component within the Spring Boot Admin or Spring Actuator integration used by xboot. Spring Boot Admin and Actuator are commonly used for monitoring and managing Spring Boot applications, exposing endpoints that provide operational information. The vulnerability allows an unauthenticated remote attacker to manipulate the affected component to disclose sensitive information. The exact nature of the information disclosed is unspecified, but given the context, it could include configuration details, environment variables, or other internal application data that could aid further attacks. The vulnerability has a CVSS 4.0 base score of 6.9, indicating a medium severity level. The attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and no authentication (AT:N), making it relatively easy to exploit remotely. The impact is limited to confidentiality (VC:L), with no impact on integrity, availability, or other security properties. Although no exploits are currently known to be in the wild, the public disclosure of the exploit increases the risk of exploitation. The vulnerability affects multiple versions of xboot from 3.3.0 through 3.3.4, and no official patches or mitigations have been linked yet. Organizations using these versions of Exrick xboot with Spring Boot Admin/Actuator components should consider this vulnerability a significant risk to sensitive information exposure.

Detailed information about CVE-2025-8525: Information Disclosure in Exrick xboot affecting Exrick xboot. Get real-time updates, technical details, and mitigatio

CVE-2025-8525: Information Disclosure in Exrick xboot - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8525: Information Disclosure in Exrick xboot

A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-8526: Unrestricted Upload in Exrick xboot affecting Exrick xboot. Get real-time updates, technical details, and mitigation s

CVE-2025-8526: Unrestricted Upload in Exrick xboot

CVE-2025-8526: Unrestricted Upload in Exrick xboot

Description

Technical Details

Related Threats

CVE-2025-50754: n/a

CVE-2025-51726: n/a

CVE-2025-51387: n/a

CVE-2025-8525: Information Disclosure in Exrick xboot

CVE-2025-50341: n/a

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility