Debian is one of the oldest and most respected GNU/Linux distributions, known for its stability, security and commitment to the…
Length is a GNOME application for measuring distances on screen to help you design and inspect layouts and graphics. The…
The MocaccinoOS development team has announced the release of MocaccinoOS 1.8.3, a minor update of the project’s minimalist, Gentoo-based Linux distribution with a custom package manager called “Luet” and a choice of four popular desktops: “Today we are releasing MocaccinoOS 1.8.3. This is mostly an upgraded version that….
RondoDox: Sophisticated Botnet Exploits TBK DVRs & Four-Faith Routers for DDoS Attacks
RondoDox downloader shell script | Image: FortiGuard Labs
FortiGuard Labs has uncovered a stealthy and highly adaptive botnet dubbed RondoDox, which is actively exploiting two critical vulnerabilities …
Published Date:
Jul 05, 2025 (2 hours, 12 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-53367
CVE-2024-9644
CVE-2024-9643
CVE-2024-12856
CVE-2024-3721
CVE-2025-53367: DjVuLibre Vulnerability Opens Path to Linux Desktop Code Execution, PoC Available!
A newly discovered critical vulnerability in DjVuLibre, the open-source decoder for DjVu document files, has opened the door to remote code execution attacks on Linux desktop environments. The flaw, t …
Published Date:
Jul 05, 2025 (1 hour, 56 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-53367
HPE Completes $14B Juniper Networks Acquisition, Doubles Networking Business & Boosts AI Portfolio
Following the acquisition announcement earlier this year, HPE has officially completed its purchase of networking solutions provider Juniper Networks. This strategic move aims to expand HPE’s footprin …
Published Date:
Jul 05, 2025 (1 hour, 43 minutes ago)
Apple Prioritizes Foldable iPhone: Pauses Foldable iPad Development Amid Production Challenges
According to information obtained by DigiTimes, Apple appears to have paused the development of its foldable iPad and is now redirecting more resources toward a foldable iPhone, suggesting that the la …
Published Date:
Jul 05, 2025 (1 hour, 31 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-27821
Amazon Shuts Down Freevee: What’s Next for Free Streaming on Prime Video?
Amazon has announced that it will shut down its free streaming service, Freevee, this August, with all content set to be migrated to its subscription-based platform, Prime Video. However, the company …
Published Date:
Jul 05, 2025 (1 hour, 23 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-4577
CVE-2022-2385
Next.js Cache Poisoning Vulnerability Let Attackers Trigger DoS Condition
Key Takeaways
1. Next.js versions 15.1.0-15.1.8 have a cache poisoning bug causing DoS attacks through blank page delivery.
2. Needs affected Next.js version + ISR with cache revalidation + SSR with CDN …
Published Date:
Jul 05, 2025 (49 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-49826
CVE ID : CVE-2025-48952
Published : July 4, 2025, 11:15 p.m. | 4 hours, 41 minutes ago
Description : NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in front/index.php. This introduces a security issue where specially crafted “magic hash” values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain “weird” passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability.
Severity: 9.4 | CRITICAL
CVE ID : CVE-2025-26850
Published : July 5, 2025, 12:15 a.m. | 3 hours, 29 minutes ago
Description : The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.
Severity: 9.3 | CRITICAL
CVE ID : CVE-2025-43711
Published : July 5, 2025, 12:15 a.m. | 3 hours, 29 minutes ago
Description : Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.
Severity: 8.1 | HIGH
CVE ID : CVE-2025-53603
Published : July 5, 2025, 1:15 a.m. | 2 hours, 41 minutes ago
Description : In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body.
Severity: 7.5 | HIGH
CVE ID : CVE-2025-53604
Published : July 5, 2025, 1:15 a.m. | 2 hours, 41 minutes ago
Description : The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.
Severity: 4.0 | MEDIUM
CVE ID : CVE-2025-53605
Published : July 5, 2025, 1:15 a.m. | 2 hours, 41 minutes ago
Description : The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
Severity: 5.9 | MEDIUM
CVE ID : CVE-2024-58254
Published : July 5, 2025, 2:15 a.m. | 1 hour, 41 minutes ago
Description : The rustls crate 0.23.13 before 0.23.18 for Rust, when rustls::server::Acceptor::accept is used, allows a panic via a fragmented TLS ClientHello.
Severity: 5.3 | MEDIUM
CVE ID : CVE-2025-47228
Published : July 5, 2025, 3:15 a.m. | 41 minutes ago
Description : In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.
Severity: 6.7 | MEDIUM
CVE ID : CVE-2025-47227
Published : July 5, 2025, 3:15 a.m. | 41 minutes ago
Description : In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.
Severity: 7.5 | HIGH
Microsoft has culled many second-party publishing projects at Xbox, but OD isn’t one of them. Source: Windows Central
The recent layoffs seem to be part of Microsoft’s strategy to improve its sales metrics for AI tools, with customers…