Microsoft has rolled out Edge 139 to all Stable Channel users, bringing performance tweaks, a redesigned settings menu, and new…
Microsoft has rolled out a new security baseline for Edge version 139, making a key change to its recommended enterprise…
OpenAI’s latest AI model, GPT-5, isn’t as good as Sam Altman hyped it, at least according to initial testers. The…
The weekend’s almost here, but Xbox isn’t making you wait to start playing. This week’s Free Play Days lineup is…
NVIDIA GeForce NOW members are getting a packed week of cloud gaming, with five new titles joining the service, with…
Microsoft is adding a new way to catch up on your work in Word without staring at the screen. The…
Microsoft is testing a new AI tool called Copilot 3D, and it’s all about turning regular images into 3D models.…
#748 — August 8, 2025 Read on the Web ☀️ We’re taking next week off, so this will be the…
It’s a common misconception that internationalization (i18n) is simply about translating text. While crucial, translation is merely one facet. One…
OpenAI launches GPT-5 OpenAI announced the availability of GPT-5, which it says is “smarter across the board” compared to previous…
CVE ID : CVE-2025-50692
Published : Aug. 7, 2025, 7:15 p.m. | 1 day, 4 hours ago
Description : FoxCMS
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-54886
Published : Aug. 8, 2025, 1:15 a.m. | 22 hours, 44 minutes ago
Description : skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model loading. When loading .skops models, it uses skops’ secure loading with trusted type validation, raising errors for untrusted types unless explicitly allowed. However, when non-.zip file formats are provided, the function silently falls back to joblib without warning. Unlike skops, joblib allows arbitrary code execution during loading, bypassing security measures and potentially enabling malicious code execution. This issue is fixed in version 0.13.0.
Severity: 8.4 | HIGH
CVE ID : CVE-2025-54887
Published : Aug. 8, 2025, 1:15 a.m. | 22 hours, 44 minutes ago
Description : jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk because JWEs can be modified to decrypt to an arbitrary value, decrypted by observing parsing differences and the GCM internal GHASH key can be recovered. Users are affected by this vulnerability even if they do not use an AES-GCM encryption algorithm for their JWEs. As the GHASH key may have been leaked, users must rotate the encryption keys after upgrading. This issue is fixed in version 1.1.1.
Severity: 9.1 | CRITICAL
CVE ID : CVE-2025-48913
Published : Aug. 8, 2025, 10:15 a.m. | 13 hours, 44 minutes ago
Description : If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.
Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-53606
Published : Aug. 8, 2025, 10:15 a.m. | 13 hours, 44 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).
This issue affects Apache Seata (incubating): 2.4.0.
Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-8748
Published : Aug. 8, 2025, 11:15 a.m. | 12 hours, 44 minutes ago
Description : MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system.
Severity: 8.8 | HIGH
CVE ID : CVE-2020-9322
Published : Aug. 8, 2025, 3:15 p.m. | 8 hours, 44 minutes ago
Description : The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.
Severity: 8.8 | HIGH
CVE ID : CVE-2025-8730
Published : Aug. 8, 2025, 3:15 p.m. | 8 hours, 44 minutes ago
Description : A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-8356
Published : Aug. 8, 2025, 4:15 p.m. | 7 hours, 44 minutes ago
Description : In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-8731
Published : Aug. 8, 2025, 4:15 p.m. | 7 hours, 44 minutes ago
Description : A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. It has been classified as critical. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.8 | CRITICAL