Skip to main content
CVE-2025-11151 HIGH This Week

Information disclosure in Beyaz Bilgisayar CityPLus versions before V24.29500.1.0 allows remote unauthenticated attackers to discover unpublicized web pages and sensitive system information. The flaw is reported by Turkey's national CERT (USOM) and carries a CVSS 8.2 score reflecting network-reachable exposure of confidential data without authentication. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Information Disclosure
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-61220 HIGH This Week

Unauthorized account access in AutoBizLine (Android package com.mysecondline.app) version 1.2.91 lets remote attackers authenticate as other users due to an incomplete identity-verification mechanism, exposing victims' personal information. The flaw is tagged as both an authentication bypass and information disclosure, and the affected user endpoint (/secondline/user/get_user/) suggests server-side access control that fails to bind a session to the correct account. No public exploit is confirmed in the input, though a third-party technical write-up exists on GitHub, and the EPSS score is low (0.33%, 25th percentile).

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-53066 HIGH PATCH CISA This Week

Unauthorized data access in Oracle Java SE JAXP component allows remote unauthenticated attackers to exfiltrate sensitive information from multiple Java platforms including Oracle Java SE (8u461 through 25), GraalVM for JDK (17.0.16, 21.0.8), and GraalVM Enterprise Edition (21.3.15). Exploitation requires no authentication, low complexity, and can occur through web services supplying malicious data to JAXP APIs or via sandboxed Java Web Start/applet deployments loading untrusted code. Oracle released patches in October 2025 Critical Patch Update with EPSS data unavailable at time of analysis. CVSS 7.5 reflects pure confidentiality impact with network attack vector.

Authentication Bypass Oracle Information Disclosure Java Graalvm +5
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy