CVE-2025-43929 – Kitty Open Actions Local File Execution Vulnerability

April 20, 2025

CVE ID : CVE-2025-43929

Published : April 20, 2025, 3:15 a.m. | 23 hours ago

Description : open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2020-36844 – KnowBe4 Security Awareness Training Reflective Cross-Site Scripting

Next Article CVE-2025-39595 – Quentn WP SQL Injection

Highlights

CVE-2025-5023 – Mitsubishi Electric Corporation EcoGuideTAB Photovoltaic System Monitor Hard-coded Credentials Backdoor

July 10, 2025

CVE ID : CVE-2025-5023

Published : July 10, 2025, 9:15 a.m. | 4 hours, 51 minutes ago

Description : Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product (measurement unit and display unit) to disclose information such as generated power and electricity sold back to the grid stored in the product, tamper with or destroy stored or configured information in the product, or cause a Denial-of-Service (DoS) condition on the product, by using hardcoded user ID and password common to the product series obtained by exploiting CVE-2025-5022. However, the product is not affected by this vulnerability when it remains unused for a certain period of time (default: 5 minutes) and enters the power-saving mode with the display unit’s LCD screen turned off. The affected products discontinued in 2015, support ended in 2020.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How to Align Your Website with Proven UX Best Practices

August 15, 2025

The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats

June 2, 2025

Mortal Shell 2 was Summer Game Fest’s first banger announcement, and the Soulslike sequel is getting a beta before release

June 7, 2025

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

What You Need to Know About CSS Color Interpolation

Why browsers throttle JavaScript timers (and what to do about it)

Why browsers throttle JavaScript timers (and what to do about it)

How to create Google Gemini AI component in Total.js Flow

Drupal 11’s AI Features: What They Actually Mean for Your Team

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

CVE-2025-43929 – Kitty Open Actions Local File Execution Vulnerability

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

CVE-2013-10061 – Netgear Router OS Command Injection Vulnerability

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

New Attack Targeting Japanese Companies Exploiting Ivanti & Fortinet VPN Vulnerabilities

Sand Blast

CVE-2025-5023 – Mitsubishi Electric Corporation EcoGuideTAB Photovoltaic System Monitor Hard-coded Credentials Backdoor

How to Align Your Website with Proven UX Best Practices

The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats

Mortal Shell 2 was Summer Game Fest’s first banger announcement, and the Soulslike sequel is getting a beta before release

CVE-2025-43929 – Kitty Open Actions Local File Execution Vulnerability

Related Posts