CVE-2025-48738 – StrangeBee TheHive Email Flood Vulnerability

May 23, 2025

CVE ID : CVE-2025-48738

Published : May 23, 2025, 8:15 p.m. | 37 minutes ago

Description : An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage exhaustion for targeted users, reputation damage to the SMTP server, potentially causing it to be blacklisted, and overload of the SMTP server’s outbound mail queue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48739 – TheHive SSRF

Next Article CVE-2025-48735 – BOS IPC SQL Injection Vulnerability

Highlights

CVE-2025-6131 – CodeAstro Food Ordering System Cross-Site Scripting Vulnerability

June 16, 2025

CVE ID : CVE-2025-6131

Published : June 16, 2025, 5:15 p.m. | 1 hour, 6 minutes ago

Description : A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-48738 – StrangeBee TheHive Email Flood Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

CVE-2023-28902 – Skoda MIB3 Infotainment Unit Integer Underflow Denial-of-Service Vulnerability

Apache APISIX Flaw (CVE-2025-46647): Token Issuer Bypass in OpenID Connect Allows Cross-Issuer Access

This $449 Lenovo convertible laptop gets up to 13 hours of battery life

Managed Service Offering (MSO) Support Ticketing System

CVE-2025-6131 – CodeAstro Food Ordering System Cross-Site Scripting Vulnerability

A security key for every employee? Yubikey-as-a-Service goes global

AI agents will threaten humans to achieve their goals, Anthropic report finds

Dual Booting CachyOS and Windows

CVE-2025-48738 – StrangeBee TheHive Email Flood Vulnerability

Related Posts