CVE-2025-54063

CVE-2025-54063 affects Cherry Studio desktop client (versions 1.4.8–1.5.0) due to improper handling of custom URLs, enabling remote code execution when a user clicks a crafted link or visits a malicious site. The underlying vulnerability is triggered by the app’s custom URL handler, leading to co...

WordPress Seriously Simple Stats Plugin <= 1.5.0 is vulnerable to SQL Injection

Software Seriously Simple Stats Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.5.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-45001 Patch priority Low CVSS severity Low 8.5 Developer Castos PSID 84cb56be8542 Credits Rafie Muhammad Patchstack Required privilege Podcas...

Insecure header validation in slim/psr7

Impact An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slilm-Ps...