CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

April 21, 2025

CVE ID : CVE-2025-3856

Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago

Description : A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleI got my hands on the redesigned successor to 2024’s best gaming laptop for most people — I’m confident that I’m going to love it, but there is ONE downside

Next Article CVE-2025-3854 – H3C GR-3000AX HTTP POST Request Handler Buffer Overflow Vulnerability

Highlights

CVE-2025-36026 – IBM Datacap Insecure Cookie Handling Vulnerability

June 27, 2025

CVE ID : CVE-2025-36026

Published : June 28, 2025, 1:15 a.m. | 1 hour, 59 minutes ago

Description : IBM Datacap 9.1.7, 9.1.8, and 9.1.9

does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

How to Extend the Django User Model

CVE-2025-49600 – MbedTLS LMS Signature Forgery Vulnerability

Microsoft 365 Web Apps Get Simple Edit Access Request Option

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 16/2025

CVE-2025-36026 – IBM Datacap Insecure Cookie Handling Vulnerability

These apps are quietly draining your phone battery – how to find and shut them down

New Linux udisks flaw lets attackers get root on major Linux distros

Rilasciata Arch Linux Enhance Xenial (ALEX) aggiornata a maggio 2025

CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

Related Posts