CVE CyberSecurity Database News

Jun 5, 2025 Exploit PHP

CVE-2025-48493 - Sensitive Redis AUTH Credentials Logged in Plain Text by Yii2 Redis Extension

If you build web applications using the PHP Yii2 framework, you might use the Yii2 Redis extension to connect your app to a Redis database.

Jun 3, 2025 PHP

CVE-2025-48951 - Insecure Deserialization in Auth-PHP SDK — How Malicious Cookies Can Compromise Your PHP App

A serious vulnerability (CVE-2025-48951) has been discovered in Auth-PHP, an SDK used for authentication and user management with Auth. If your app uses Auth-PHP versions

Jun 3, 2025 API Exploit

CVE-2025-25022 - Info Leak in IBM QRadar Suite & Cloud Pak for Security – Exploit & Analysis

A new critical vulnerability, CVE-2025-25022, has shaken the cybersecurity world. This flaw affects IBM QRadar Suite Software versions 1.10.12. through 1.11.2.

Jun 3, 2025 Exploit

CVE-2025-4517 - Arbitrary Filesystem Write via Python `tarfile` Extraction with `filter="data"`

A new vulnerability, CVE-2025-4517, has been discovered in Python’s popular tarfile module. This issue allows attackers to write arbitrary files anywhere on your filesystem

Jun 3, 2025 Exploit

CVE-2024-12718 - How Python’s tarfile Extraction Filters Can Mess with Your Files

What is CVE-2024-12718? CVE-2024-12718 is a newly reported vulnerability in the Python tarfile module. In simple words, it’s a security hole in how Python