Released Actions Up – Interactive GitHub Actions updater with SHA pinning

August 27, 2025

Comments

Source: Read MoreÂ

javascript

Previous ArticleDesigning For TV: The Evergreen Pattern That Shapes TV Experiences

Next Article Xbox Insiders with Game Pass Core & Standard Can Enjoy Cloud Gaming Now

Highlights

CVE-2025-4328 – Spring Cloud Base HTTP Header Handler Open Redirect Vulnerability

May 6, 2025

CVE ID : CVE-2025-4328

Published : May 6, 2025, 7:15 a.m. | 32 minutes ago

Description : A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/web/MvcController.java of the component HTTP Header Handler. The manipulation of the argument Referer leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing For TV: The Evergreen Pattern That Shapes TV Experiences

Amplitude launches new self-service capabilities for marketing initiatives

Microsoft packs Visual Studio August update with smarter AI features

Optimizing PWAs For Different Display Modes

Why this $25 ratchet tool beats any multitool or Swiss Army Knife I’ve ever tested

One of my favorite sports watches from 2024 just got upgrades in all the right places

Google’s AI Mode is getting more links for you not to click on

I still prefer Apple Watch over Oura Ring for 3 key reasons – but there is one big drawback

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

spatie/laravel-rdap

mvanduijker/laravel-mercure-broadcaster

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

‘There Are No Ghosts At The Grand’ looks glorious — I’m more excited than ever for this upcoming Xbox Game Pass release

Epic Games CEO Tim Sweeney says Unreal Engine 5’s performance problems aren’t about the engine — they’re about when developers choose to optimize

Released Actions Up – Interactive GitHub Actions updater with SHA pinning

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

spatie/laravel-rdap

1Password extends enterprise credential management beyond humans to AI agents

AI Turned My Face Into a Cartoon—Hackers Turned It Into a Weapon

Trump to Google, Microsoft: Stop Hiring in India, Focus on American Workers

CVE-2025-4368 – Tenda AC8 Buffer Overflow Vulnerability

CVE-2025-4328 – Spring Cloud Base HTTP Header Handler Open Redirect Vulnerability

CVE-2025-30102 – Dell PowerScale OneFS Out-of-Bounds Write Vulnerability

Why GPT-5’s rocky rollout is the reality check we needed on superintelligence hype

CVE-2025-47219 – GStreamer isomp4 Information Disclosure Vulnerability

Released Actions Up – Interactive GitHub Actions updater with SHA pinning

Related Posts