CVE-2025-48990 – NeKernal Heap Overflow

June 2, 2025

CVE ID : CVE-2025-48990

Published : June 2, 2025, 12:15 p.m. | 2 hours, 56 minutes ago

Description : NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len` equals the size of the destination buffer (256 bytes), that extra `”` write overruns the buffer by one byte. To avoid breaking existing callers or changing the public API, the patch in commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee takes a minimal approach: it simply removes the overflow-causing line without adding bounds checks or altering the function signature.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5443 – “Linksys Wireless Router Os Command Injection Vulnerability”

Next Article CVE-2025-48958 – Froxlor HTML Injection Vulnerability

Highlights

CVE-2025-48877 – Discourse Codepen Unintended JS Execution Vulnerability

June 9, 2025

CVE ID : CVE-2025-48877

Published : June 9, 2025, 1:15 p.m. | 2 hours, 25 minutes ago

Description : Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site’s `allowed_iframes`.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-48990 – NeKernal Heap Overflow

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Invisible Forces: The Making of Phantom.land’s Interactive Grid and 3D Face Particle System

Tiny Screens, Big Impact

CVE-2025-47950 – CoreDNS QUIC Denial of Service (DoS) Vulnerability

CVE-2025-47824 – Flock Safety LPR Cleartext Code Storage Vulnerability

CVE-2025-48877 – Discourse Codepen Unintended JS Execution Vulnerability

Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense

Farmonics Dry Seeds Mix – 5-in-1 Superfood Blend for Daily Wellness

Xbox Cloud Gaming’s “Stream Your Own Game” feature comes to the Xbox PC app — live for Insiders today

CVE-2025-48990 – NeKernal Heap Overflow

Related Posts