CVE-2024-57698 – Modernwms Information Disclosure Vulnerability

April 29, 2025

CVE ID : CVE-2024-57698

Published : April 29, 2025, 8:15 p.m. | 2 hours, 53 minutes ago

Description : An issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the /user/list?culture=en-us endpoint.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4078 – Wangshen SecGate 3600 2400 File Path Traversal Vulnerability

Next Article CVE-2025-0520 – ShowDoc Unrestricted File Upload RCE

Highlights

CVE-2025-38174 – “Thunderbolt: Double Dequeue Vulnerability”

July 4, 2025

CVE ID : CVE-2025-38174

Published : July 4, 2025, 11:15 a.m. | 37 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Do not double dequeue a configuration request

Some of our devices crash in tb_cfg_request_dequeue():

general protection fault, probably for non-canonical address 0xdead000000000122

CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65
RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0
Call Trace:

? tb_cfg_request_dequeue+0x2d/0xa0
tb_cfg_request_work+0x33/0x80
worker_thread+0x386/0x8f0
kthread+0xed/0x110
ret_from_fork+0x38/0x50
ret_from_fork_asm+0x1b/0x30

The circumstances are unclear, however, the theory is that
tb_cfg_request_work() can be scheduled twice for a request:
first time via frame.callback from ring_work() and second
time from tb_cfg_request(). Both times kworkers will execute
tb_cfg_request_dequeue(), which results in double list_del()
from the ctl->request_queue (the list poison deference hints
at it: 0xdead000000000122).

Do not dequeue requests that don’t have TB_CFG_REQUEST_ACTIVE
bit set.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

AI-Generated Code Poses Major Security Risks in Nearly Half of All Development Tasks, Veracode Research Reveals

Understanding the code modernization conundrum

Onboarding your AI peer programmer: Setting up GitHub Copilot coding agent for success

Quality Over Speed: A Case for Perfectionism

UK Quantum computing is going universal through scaling

CodeSOD: What a CAD

See Your WordPress Scheduled Tasks (Cron Jobs)

See Your WordPress Scheduled Tasks (Cron Jobs)

Cypress Automation: Tag-Based Parallel Execution with Custom Configuration

Why Real-Time Voice Translation Is a Game-Changer for Global Contact Centers

FOSS Weekly #25.31: Kernel 6.16, OpenMandriva Review, Conky Customization, System Monitoring and More

FOSS Weekly #25.31: Kernel 6.16, OpenMandriva Review, Conky Customization, System Monitoring and More

Windows 11’s MSN Widgets board now opens in default browser, such as Chrome (EU only)

Microsoft’s new “move to Windows 11” campaign implies buying OneDrive paid plan

CVE-2024-57698 – Modernwms Information Disclosure Vulnerability

The hidden risks of browser extensions – and how to stay safe

Minnesota National Guard Deployed After Major Cyberattack on St. Paul City Systems

CVE-2025-46655 – CodiMD AWS S3 SVG XSS Bypass

Lost in translation? Amazon Q Developer now speaks more languages

How Do LLMs Really Reason? A Framework to Separate Logic from Knowledge

⚡ PERFATHON 2025 – The First-Ever Hackathon at Perficient 👩‍💻

CVE-2025-38174 – “Thunderbolt: Double Dequeue Vulnerability”

Wi-Fi Smart Apps and the Role of Mobile App Development Services

Raspberry Pi 5 Desktop Mini PC: Ollama GUI

How React Native Can Help Small Businesses Scale Quickly🚀

CVE-2024-57698 – Modernwms Information Disclosure Vulnerability

Related Posts