This article takes a closer look at Bolt.new, a lightning-fast AI engineer that builds websites and apps based on your…
Day-by-day we’re learning more on what to expect in Ubuntu 25.10 ‘Questing Quokka’, the next short-term release of Ubuntu due…
Clever, clever that Andy Bell. He shares a technique for displaying image alt text when the image fails to load.…
GNOME is looking to jettison X11 session support – as soon as this year, which may impact Ubuntu’s plans for…
Multimodal mathematical reasoning enables machines to solve problems involving textual information and visual components like diagrams and figures. This requires…
CVE ID : CVE-2024-9544
Published : May 22, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4280
Published : May 22, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions
granted by the user to the main application bundle. An attacker with local user access can
invoke this interpreter with arbitrary commands or scripts, leveraging the
application’s previously granted TCC permissions to access user’s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Poedit, potentially disguising attacker’s malicious intent.
This issue has been fixed in 3.6.3 version of Poedit.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4405
Published : May 22, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4419
Published : May 22, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the ‘path’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside of the originally intended directory.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-25010
Published : May 22, 2025, 11:15 a.m. | 52 minutes ago
Description : Ericsson RAN Compute
and Site Controller 6610 contains in certain configurations a high severity
vulnerability where improper input validation could be exploited leading to arbitrary code execution.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3444
Published : May 22, 2025, 11:15 a.m. | 52 minutes ago
Description : Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-41403
Published : May 22, 2025, 11:15 a.m. | 52 minutes ago
Description : Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3836
Published : May 22, 2025, 11:15 a.m. | 52 minutes ago
Description : Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5073
Published : May 22, 2025, 11:15 a.m. | 52 minutes ago
Description : A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component MKDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Keila is an open source alternative to newsletter tools like Mailchimp or Sendinblue. The post Keila is a newsletter tool…
Daimonin è un videogioco MMORPG (Massively Multiplayer Online Role-Playing Game) open source, pubblicato nel 2003. Si tratta di un gioco…
Nuova puntata del podcast di Marco’s Box, come sempre dedicata a commentare le principali notizie della settimana (circa) appena trascorsa.…
Rocky Linux è una distribuzione GNU/Linux di tipo comunitario, nata con l’obiettivo di fornire una piattaforma stabile, affidabile e completamente…
OmniOS is an illumos based server operating system with ZFS, bhyve, KVM and Linux zone support. The post OmniOS Community…
ZOTAC, noto produttore di componenti per computer con sede a Hong Kong, ha presentato al Computex il prototipo della sua…