Post Content Source: Read MoreÂ
Post Content Source: Read MoreÂ
For this review, I’ve evaluating the Kioxia Exceria Plus G2 Portable SSD. It’s available in 500GB, 1TB, and 2TB capacities.…
Miracle-WM 0.6 è l’ultima versione del compositore Wayland che integra un gestore di finestre “tiling” (affiancate), basato sul server grafico…
SphereView is an image viewer for 360° equirectangular photospheres and panoramas. It’s written in the Rust language. The post SphereView…
Once upon a time, there was a bank whose business relied on a mainframe. As the decades passed and the…
After Denmark, now the news is that French city Lyon is ditching Microsoft to set up a collaborative office with…
CVE ID : CVE-2025-3497
Published : July 9, 2025, 9:15 a.m. | 18 hours, 45 minutes ago
Description : The Linux distribution underlying the Radiflow iSAP Smart Collector
(CentOS 7 – VSAP 1.20) is obsolete and
reached end of life (EOL) on
June 30, 2024. Thus, any
unmitigated vulnerability could be exploited to affect this product.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3498
Published : July 9, 2025, 9:15 a.m. | 18 hours, 45 minutes ago
Description : An unauthenticated user with management network access can get and
modify the Radiflow iSAP Smart Collector (CentOS 7 – VSAP 1.20)
configuration. The device has two web servers that expose unauthenticated REST APIs on the management network (TCP
ports 8084 and 8086). An attacker can use these APIs to get access to all system settings, modify the configuration
and execute some commands (e.g., system reboot).
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3499
Published : July 9, 2025, 9:15 a.m. | 18 hours, 45 minutes ago
Description : The device has two web servers that expose unauthenticated REST APIs on the management network (TCP
ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbitrary
commands that are executed with administrative permissions by the underlying operating system.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6514
Published : July 9, 2025, 1:15 p.m. | 14 hours, 45 minutes ago
Description : mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53546
Published : July 9, 2025, 3:15 p.m. | 12 hours, 45 minutes ago
Description : Folo organizes feeds content into one timeline. Using pull_request_target on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets (from the base repo). By exploiting the vulnerability is possible to exfiltrate GITHUB_TOKEN which has high privileges. GITHUB_TOKEN can be used to completely overtake the repo since the token has content write privileges. This vulnerability is fixed in commit 585c6a591440cd39f92374230ac5d65d7dd23d6a.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-44177
Published : July 9, 2025, 4:15 p.m. | 11 hours, 45 minutes ago
Description : A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53652
Published : July 9, 2025, 4:15 p.m. | 11 hours, 45 minutes ago
Description : Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52357
Published : July 9, 2025, 8:15 p.m. | 7 hours, 49 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router (firmware V2.2.14), allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. The vulnerability is triggered via user-supplied input in the ping form field, which fails to sanitize special characters. This can be exploited to hijack sessions or escalate privileges through social engineering or browser-based attacks.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53624
Published : July 9, 2025, 9:15 p.m. | 6 hours, 45 minutes ago
Description : The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website’s source code. This vulnerability is fixed in 4.0.0.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6376
Published : July 9, 2025, 9:15 p.m. | 6 hours, 49 minutes ago
Description : A remote
code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE
file can force Arena Simulation to write beyond the boundaries of an allocated
object. Exploitation
requires user interaction, such as opening a malicious file within the software.
If exploited, a threat actor could execute arbitrary code on the target system.
The software must run under the context of the administrator in order to cause
worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6377
Published : July 9, 2025, 9:15 p.m. | 6 hours, 49 minutes ago
Description : A remote
code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE
file can force Arena Simulation to write beyond the boundaries of an allocated
object. Exploitation
requires user interaction, such as opening a malicious file within the software.
If exploited, a threat actor could execute arbitrary code on the target system.
The software must run under the context of the administrator in order to cause
worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-10391
Published : July 9, 2025, 11:15 p.m. | 4 hours, 49 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0139
Published : July 9, 2025, 11:15 p.m. | 4 hours, 49 minutes ago
Description : An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…