CVE-2025-43955 – Convertigo TwsCachedXPathAPI Commons-JXPath API Deserialization Vulnerability

April 20, 2025

CVE ID : CVE-2025-43955

Published : April 20, 2025, 8:15 p.m. | 2 hours ago

Description : TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.

Severity: 2.2 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous Articlecrossdirstat is a file and directory statistics tool

Next Article CVE-2025-43954 – QMarkdown Quasar-ui-QMarkdown Cross-Site Scripting (XSS)

Highlights

CVE-2025-5455 – Qt Denial of Service Vulnerability in qDecodeDataUrl Function

June 2, 2025

CVE ID : CVE-2025-5455

Published : June 2, 2025, 9:15 a.m. | 2 hours, 7 minutes ago

Description : An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code.

If the function was called with malformed data, for example, an URL that
contained a “charset” parameter that lacked a value (such as
“data:charset,”), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service
(abort).

This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-43955 – Convertigo TwsCachedXPathAPI Commons-JXPath API Deserialization Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

How to Download Karafun Player for Windows PC [2025 Guide]

Want AI to work for your business? Then privacy needs to come first

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

CVE-2025-5145 – Netcore Query String Handler Remote Command Injection Vulnerability

CVE-2025-5455 – Qt Denial of Service Vulnerability in qDecodeDataUrl Function

CVE-2025-34130 – LILIN Digital Video Recorder (DVR) Unauthenticated Arbitrary File Read Vulnerability

Loaf and order: Belgian police launch bread-based cybersecurity campaign

CVE-2025-20325 – Splunk Enterprise and Cloud Platform Search Head Cluster Secret Key Exposure

CVE-2025-43955 – Convertigo TwsCachedXPathAPI Commons-JXPath API Deserialization Vulnerability

Related Posts