CVE-2025-51865 – Allenai Ai2 Playground Web Service IDOR

July 22, 2025

CVE ID : CVE-2025-51865

Published : July 22, 2025, 3:15 p.m. | 9 hours, 29 minutes ago

Description : Ai2 playground web service (playground.allenai.org) LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR), allowing attackers to gain sensitvie information via enumerating thread keys in the URL.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-51480 – ONNX Path Traversal Vulnerability

Next Article CVE-2025-8017 – Tenda AC7 HTTPd Stack-Based Buffer Overflow Vulnerability

Highlights

CVE-2025-7324 – IrfanView CADImage Plugin DXF File Parsing Out-Of-

July 21, 2025

CVE ID : CVE-2025-7324

Published : July 21, 2025, 8:15 p.m. | 4 hours, 25 minutes ago

Description : IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26430.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

AI-enabled software development: Risk of skill erosion or catalyst for growth?

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Power bank slapped with a recall? Stop using it now – here’s why

I recommend these budget earbuds over pricier Bose and Sony models – here’s why

Microsoft’s big AI update for Windows 11 is here – what’s new

Slow internet speed on Linux? This 30-second fix makes all the difference

Singleton and Scoped Container Attributes in Laravel 12.21

Singleton and Scoped Container Attributes in Laravel 12.21

wulfheart/laravel-actions-ide-helper

lanos/laravel-cashier-stripe-connect

‘Wuchang: Fallen Feathers’ came close to fully breaking me multiple times — a soulslike as brutal and as beautiful as it gets

‘Wuchang: Fallen Feathers’ came close to fully breaking me multiple times — a soulslike as brutal and as beautiful as it gets

Sam Altman is “terrified” of voice ID fraudsters embracing AI — and threats of US bioweapon attacks keep him up at night

NVIDIA boasts a staggering $111 million in market value per employee — since it became the world’s first $4 trillion company

CVE-2025-51865 – Allenai Ai2 Playground Web Service IDOR

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

CVE-2025-3301 – Marvell Series 2 DPA Vulnerability: ECDH and EdDSA Countermeasures Missing

CVE-2025-38165 – Linux BPF Sockmap Panic Vulnerability

A Step-by-Step Guide on Building, Customizing, and Publishing an AI-Focused Blogging Website with Lovable.dev and Seamless GitHub Integration

CVE-2025-49861 – Kama Click Counter Cross-site Scripting Vulnerability

CVE-2025-7324 – IrfanView CADImage Plugin DXF File Parsing Out-Of-

Two sslh Flaws Disclosed: Remote DoS Attacks Possible via Protocol Multiplexer

DistroWatch Weekly, Issue 1131

I used Lenovo’s latest dual-screen OLED laptop for a month and it wouldn’t be my first choice — here’s why

CVE-2025-51865 – Allenai Ai2 Playground Web Service IDOR

Related Posts