CVE ID : CVE-2025-27212

Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago

Description : An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.

Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)

Mitigation:
Update UniFi Access Reader Pro Version 2.15.9 or later
Update UniFi Access G2 Reader Pro Version 1.11.23 or later
Update UniFi Access G3 Reader Pro Version 1.11.22 or later
Update UniFi Access Intercom Version 1.8.22 or later
Update UniFi Access G3 Intercom Version 1.8.22 or later
Update UniFi Access Intercom Viewer Version 1.4.39 or later

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46094

Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago

Description : LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.

Severity: 3.8 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46093

Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago

Description : LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8529

Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago

Description : A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8530

Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-systemsrcmainresourcesconfigapplication-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Flameshot 13.0 marks the screenshot tool’s first major update in over 3 years, adding Qt6 support, disabling Imgur uploads by…

brokefetch is the only system info tool that doesn’t pretend your life is okay. The post brokefetch – neofetch clone…

Fixit provides a highly configurable linting framework with support for auto-fixes, custom “local” lint rules, and hierarchical configuration. The post…

tinifier is a CLI tool for compressing images using the TinyPNG API, with parallel processing to speed up the workflow.…

Chrome’s Ozone backend will auto-detect Wayland on Linux from v140. This should fix issues with blurry text and UI elements…

GitHub Models brings AI into your GitHub Actions workflows, helping you automate triage, summarize, and more — right where your…

As a front-end developer, I’ve been pretty curious about how other people code up their websites. So I tend to…

astronaut is a Gemini browser for the terminal. It’s written in the Go programming language. The post astronaut – Gemini…

Here’s our verdict captured in a legendary LinuxLinks-style ratings chart. Only free and open source software is eligible for inclusion.…

Immich è un software open source progettato per il backup self-hosted di foto e video, pensato per chi desidera mantenere…

Share your “I wish…” for the future of design and development — and win a free ticket to Penpot Fest…

LXD è un moderno gestore di contenitori di sistema e macchine virtuali, sviluppato da Canonical, l’azienda dietro Ubuntu. Progettato per…

Lo scorso novembre vi avevo parlato di KDE Linux (conosciuta internamente come Project Banana), la nuova distribuzione ufficiale di KDE,…

Tamari is a fully-featured recipe manager web application built using Python and the Flask Framework. The post Tamari – fully-featured…

User inputs are frequently incorrect, which is why we validate them. So, for example, if the user is allowed to…