Xbox is rolling out age verification for UK-based players to meet new safety rules. Starting now, adult users in the…
Google is adding a new AI feature to Chrome that gives U.S. shoppers a quick summary of how trustworthy an…
According to a new report by Bloomberg, Microsoft and OpenAI are reportedly close to finalizing a new agreement that would…
A recently discovered flaw in the security of macOS systems has the potential to allow malicious actors to bypass privacy…
Microsoft has introduced PivotTable Auto Refresh, a long-awaited feature for Excel users. By automatically updating PivotTables whenever new data is…
Microsoft’s Link to Windows app just got a major UI overhaul with added functionalities on the beta version for Android.…
Windows 10 is officially a decade old now. It was launched on July 29, 2025, and has less than ten…
More and more developers are adopting AI, but the trust they have in its outputs is getting worse and worse…
CVE ID : CVE-2025-53078
Published : July 29, 2025, 5:15 a.m. | 18 hours, 44 minutes ago
Description : Deserialization of Untrusted Data in Samsung DMS (Data Management Server) allows attackers to execute arbitrary code by writing a file to the system.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8264
Published : July 29, 2025, 5:15 a.m. | 18 hours, 44 minutes ago
Description : Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modify or delete sensitive data from a linked third-party database.
**Note:** This vulnerability affects Z-Push installations that utilize the IMAP backend and have the IMAP_FROM_SQL_QUERY option configured.
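Mitigation

Change the configuration in backend/imap/config.php to use the default or LDAP:

```php
// Default: no SQL lookup for the From address
define('IMAP_DEFAULTFROM', '');
```

or

```php
// Look up the From address via LDAP instead of SQL
define('IMAP_DEFAULTFROM', 'ldap');
```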
Severity: 9.0 | CRITICAL
CVE ID : CVE-2025-7689
Published : July 29, 2025, 10:15 a.m. | 13 hours, 44 minutes ago
Description : The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() function in versions 1.1.0 to 1.1.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the password of an Administrator user, achieving full privilege escalation.
Severity: 8.8 | HIGH
CVE ID : CVE-2025-6504
Published : July 29, 2025, 1:15 p.m. | 10 hours, 44 minutes ago
Description : In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.
Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range.
This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access.
Severity: 8.4 | HIGH
CVE ID : CVE-2025-6505
Published : July 29, 2025, 1:15 p.m. | 10 hours, 44 minutes ago
Description : Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software’s Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and unauthorized access.
When OAuth Clients perform an OAuth handshake with the Hybrid Data Pipeline Server, the server accepts client credentials from both HTTP headers and request parameters.
Severity: 8.1 | HIGH
CVE ID : CVE-2025-46059
Published : July 29, 2025, 3:15 p.m. | 8 hours, 44 minutes ago
Description : langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-50738
Published : July 29, 2025, 3:15 p.m. | 8 hours, 44 minutes ago
Description : The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user’s IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-31965
Published : July 29, 2025, 5:15 p.m. | 6 hours, 44 minutes ago
Description : Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.
Severity: 8.2 | HIGH
CVE ID : CVE-2025-44136
Published : July 29, 2025, 5:15 p.m. | 6 hours, 44 minutes ago
Description : MapTiler Tileserver-php v2.0 is vulnerable to Cross-Site Scripting (XSS). The GET parameter “layer” is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code in a victim’s browser.
Severity: 9.8 | CRITICAL
CVE ID : CVE-2025-44137
Published : July 29, 2025, 5:15 p.m. | 6 hours, 44 minutes ago
Description : MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. The way the file path is constructed allows the insertion of “../”, making it possible to read any file on the web server. Affected GET parameters are “TileMatrix”, “TileRow”, “TileCol” and “Format”.
Severity: 8.2 | HIGH
CVE ID : CVE-2025-7675
Published : July 29, 2025, 6:15 p.m. | 5 hours, 11 minutes ago
Description : A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH