I’ve seen enough premium gaming handhelds — ASUS, Lenovo, and more could learn from AYANEO’s new budget-friendly line

July 29, 2025

AYANEO is a brand best known for creating Windows handheld gaming PCs. During today’s Strategy Sharing Session, the company revealed several new devices including a new budget line of handhelds.

Source: Read MoreÂ /

Previous ArticleVPN demand erupts in UK — outpacing France in the face of adult content rules

Next Article Grounded 2 needed to happen, and I’m so glad it did — because now I can ride a giant ant into battle

Highlights

CVE-2025-46815 – ZITADEL IdP Intent Session Token Abuse

May 6, 2025

CVE ID : CVE-2025-46815

Published : May 6, 2025, 6:15 p.m. | 1 hour, 19 minutes ago

Description : The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id and token can then be used to authenticate the user or their session. However, prior to versions 3.0.0, 2.71.9, and 2.70.10, it was possible to exploit this feature by repeatedly using intents. This allowed an attacker with access to the application’s URI to retrieve the id and token, enabling them to authenticate on behalf of the user. It’s important to note that the use of additional factors (MFA) prevents a complete authentication process and, consequently, access to the ZITADEL API. Versions 3.0.0, 2.71.9, and 2.70.10 contain a fix for the issue. No known workarounds other than upgrading are available.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Optimizely Mission Control – Part III

Optimizely Mission Control – Part III

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

I’ve seen enough premium gaming handhelds — ASUS, Lenovo, and more could learn from AYANEO’s new budget-friendly line

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

CVE-2025-35003 – Apache NuttX RTOS Bluetooth Stack Buffer Overflow and Restriction Bypass Vulnerabilities

CVE-2025-23170 – Versa Networks Shell-In-A-Box Python Command Injection Vulnerability

ZDNET Editors’ Choice: What it is, and how we’re awarding the best products we review

atftp is a client/server implementation of the TFTP protocol

CVE-2025-46815 – ZITADEL IdP Intent Session Token Abuse

CVE-2025-40620 – TCMAN’s GIM SQL Injection Vulnerability

Get a free Pixel 10 Pro or Pixel 10 Pro XL when you trade-in any phone at AT&T

CVE-2025-54131 – Cursor Command Injection Bypass

I’ve seen enough premium gaming handhelds — ASUS, Lenovo, and more could learn from AYANEO’s new budget-friendly line

Related Posts