CVE-2025-27459 – VNC Weak Password Storage

July 3, 2025

CVE ID : CVE-2025-27459

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-27460 – Dell Device Physical Storage Unencrypted Vulnerability

Next Article CVE-2025-27458 – VNC Password Derivation Vulnerability

Highlights

CVE-2025-6738 – Huija Bicycle Sharing Server SQL Injection Vulnerability

June 26, 2025

CVE ID : CVE-2025-6738

Published : June 27, 2025, 1:15 a.m. | 19 minutes ago

Description : A vulnerability, which was classified as critical, has been found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this issue is the function userDao.selectUserByUserNameLike of the file UserServiceImpl.java. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

OpenAI almost shipped ChatGPT with a different name — before a late-night twist

The dog days of JavaScript summer

The dog days of JavaScript summer

Databricks Lakebase – Database Branching in Action

Flutter + GitHub Copilot = Your New Superpower

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

CVE-2025-27459 – VNC Weak Password Storage

CVE-2023-50786 – Dradis HTTP Image Reference Vulnerability (Arbitrary Code Execution)

RondoDox: Sophisticated Botnet Exploits TBK DVRs & Four-Faith Routers for DDoS Attacks

CVE-2025-4194 – WordPress AlT Monitoring CSRF

CVE-2025-48369 – Group-Office Cross-Site Scripting (XSS) Vulnerability in Tasks Comment Functionality

100,000+ WordPress Sites at Risk as SureTriggers Exploit Goes Live

CVE-2025-6886 – Tenda AC5 Stack-Based Buffer Overflow Vulnerability

CVE-2025-6738 – Huija Bicycle Sharing Server SQL Injection Vulnerability

CVE-2025-44865 – Tenda W20E Command Injection Vulnerability

Distribution Release: Murena 2.9

CVE-2025-5872 – eGauge EG3000 Energy Monitor Authentication Bypass Vulnerability

CVE-2025-27459 – VNC Weak Password Storage

Related Posts