Obsidian has emerged as a powerful and flexible knowledge management tool, despite NOT being an open source product. Using plugins…

This week in DistroWatch Weekly:
Review: CRUX 3.8
News: FreeBSD improves laptop support and introduces a tool to transition to pkgbase, Fedora confirms X11 sessions will be dropped from GNOME, HardenedBSD introduces Rust support in userland build, KDE works on virtual machine manager, Linux Mint forks libAdwaita
Questions and answers:….

CVE ID : CVE-2025-47568

Published : May 23, 2025, 1:15 p.m. | 2 days, 6 hours ago

Description : Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47575

Published : May 23, 2025, 1:15 p.m. | 2 days, 6 hours ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0.

Severity: 8.5 | HIGH


CVE ID : CVE-2025-5151

Published : May 25, 2025, 5:15 p.m. | 3 hours, 41 minutes ago

Description : A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of the file introspect/backend/tools/analysis_tools.py. The manipulation of the argument code leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is named 502. It is recommended to apply a patch to fix this issue. The code maintainer explains that “[they] have added some workarounds to address this in #502, but will not be implementing a full fix. This is because this repo is meant to be run in a docker environment, which will significantly mitigate potential security risks. Having said that, we have added a SECURITY section in our README to make this clearer to users.”

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-5152

Published : May 25, 2025, 5:15 p.m. | 3 hours, 41 minutes ago

Description : A vulnerability classified as critical was found in Chanjet CRM up to 20250510. This vulnerability affects unknown code of the file /activity/newActivityedit.php?DontCheckLogin=1&id=null&ret=mod1. The manipulation of the argument gblOrgID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-5153

Published : May 25, 2025, 6:15 p.m. | 2 hours, 41 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW


CVE ID : CVE-2025-5154

Published : May 25, 2025, 7:15 p.m. | 1 hour, 41 minutes ago

Description : A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Severity: 2.3 | LOW


CVE ID : CVE-2025-5155

Published : May 25, 2025, 8:15 p.m. | 41 minutes ago

Description : A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-5149

Published : May 25, 2025, 1:15 p.m. | 3 hours, 52 minutes ago

Description : A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.6 | MEDIUM


CVE ID : CVE-2025-5150

Published : May 25, 2025, 3:15 p.m. | 1 hour, 52 minutes ago

Description : A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM


Send and receive files wirelessly with Android devices using Quick Share or another device with Packet installed. The post Packet…

Almost every site has accessibility problems. Recent large-scale scans of the world’s most-visited pages revealed that more than 94 percent failed at least one WCAG success criterion. At the same time, digital-accessibility lawsuits in the United States exceeded 4,600 last year, most aimed squarely at websites. With an estimated 1.3 billion people living with disabilities,
The post Automated Accessibility Testing: Tools, CI/CD Integration, and Business Benefits appeared first on Codoid.

CVE ID : CVE-2025-5147

Published : May 25, 2025, 12:15 p.m. | 40 minutes ago

Description : A vulnerability was found in Netcore NBR1005GPEV2, NBR200V2 and B6V2 up to 20250508 and classified as critical. This issue affects the function tools_ping of the file /usr/bin/network_tools. The manipulation of the argument url leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-5148

Published : May 25, 2025, 12:15 p.m. | 40 minutes ago

Description : A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 784cbf8dde2cf1456ff808aeba23177e1810e7a9. It is recommended to apply a patch to fix this issue.

Severity: 5.3 | MEDIUM
