CVE ID : CVE-2013-10061

Published : Aug. 1, 2025, 9:15 p.m. | 2 hours, 19 minutes ago

Description : An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2013-10062

Published : Aug. 1, 2025, 9:15 p.m. | 2 hours, 19 minutes ago

Description : A directory traversal vulnerability exists in Linksys router’s web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences. This allows exposure of sensitive system files and configuration data.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2013-10063

Published : Aug. 1, 2025, 9:15 p.m. | 2 hours, 19 minutes ago

Description : A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-13978

Published : Aug. 1, 2025, 10:15 p.m. | 1 hour, 19 minutes ago

Description : A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.

Severity: 2.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54424

Published : Aug. 1, 2025, 11:15 p.m. | 19 minutes ago

Description : 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54132

Published : Aug. 1, 2025, 11:15 p.m. | 19 minutes ago

Description : Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server through an image fetch after successfully performing a prompt injection. A malicious model (or hallucination/backdoor) might also trigger this exploit at will. This issue requires prompt injection from malicious data (web, image upload, source code) in order to exploit. In that case, it can send sensitive information to an attacker-controlled external server. This is fixed in version 1.3.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54131

Published : Aug. 1, 2025, 11:15 p.m. | 19 minutes ago

Description : Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`) or $(cmd). If a user has swapped Cursor from its default settings (requiring approval for every terminal call) to an allowlist, an attacker can execute arbitrary command execution outside of the allowlist without user approval. An attacker can trigger this vulnerability if chained with indirect prompt injection. This is fixed in version 1.3.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54792

Published : Aug. 1, 2025, 11:15 p.m. | 19 minutes ago

Description : LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software’s discovery protocol allows an unauthenticated attacker on the same local network to impersonate legitimate devices, silently intercepting, reading, and modifying any file transfer. This can be used to steal sensitive data or inject malware, like ransomware, into files shared between trusted users. The attack is hardly detectable and easy to implement, posing a severe and immediate security risk. This issue was fixed in version 1.17.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

mpd-mpris is an implementation of the MPRIS protocol for MPD. The Media Player Remote Interfacing Specification (MPRIS) is a standard…

Members of Thinking Machines Lab, run by OpenAI’s former CTO, reportedly turned down Meta’s compensation packages ranging from $200 million…

4MLinux è una distribuzione GNU/Linux leggera e indipendente, pensata per offrire un ambiente operativo essenziale ma completo, adatto anche a…

Constrict compresses your videos to your chosen file size — useful for uploading to services with specific file size limits.…

The US ending tariff exemption on goods under $800 could send the price of Raspberry Pi, mini PCs and other…

Prospector is a tool to analyse Python code and output information about errors, potential problems, convention violations and complexity. The…

Share and collaborate on recipes, manage household shopping lists and meal planning, and import recipes from anywhere on the web…

Detto, fatto! Hyprland ha ufficialmente lanciato Hyprperks, offrendo ai fan contenuti esclusivi, accesso al supporto e miglioramenti per il desktop…

July 2025 updates to the largest compilation of recommended free and open source software available for Linux. The post Best…

Pylama is an open source code audit tool for Python. Pylama wraps a variety of open source tools, mostly linters.…

If monkeys aren’t your bag, Manuel H. is down to clown. “If anyone wants to know the address of that…

Ubuntu’s DING extension adds new keyboard shortcuts for desktop icon selection, including multi-select, Ctrl+Space toggle, and HOME/END navigation. You’re reading…