Rancher Releases Patch for CVE-2024-22031 Privilege Escalation Vulnerability

The SUSE Rancher Security Team has issued a security advisory regarding a newly disclosed vulnerability affecting multiple versions of Rancher, the popular open-source container management platform. T …

Published Date:
Apr 30, 2025 (3 hours, 37 minutes ago)

Vulnerabilities have been mentioned in this article.

High-Severity DoS Vulnerability Found in PowerDNS DNSdist (CVE-2025-30194)

The PowerDNS team has issued a high-severity security advisory—CVE-2025-30194—regarding a newly discovered denial-of-service (DoS) vulnerability in DNSdist, the company’s DNS load balancer. The flaw a …

Published Date:
Apr 30, 2025 (3 hours, 18 minutes ago)

Vulnerabilities have been mentioned in this article:

CVE-2025-30194

CVE-2024-25581

CVE-2023-30847

Chrome Update Fixes High-Severity Security Flaw (CVE-2025-4096)

The Chrome team has just rolled out its latest stable channel update (version 136) for Windows, Mac, and Linux, and while it brings the usual dose of under-the-hood improvements, the spotlight is firm …

Published Date:
Apr 30, 2025 (2 hours, 15 minutes ago)

Vulnerabilities have been mentioned in this article.

CISA Adds SAP NetWeaver Zero-Day CVE-2025-31324 to KEV Database

A critical security vulnerability in SAP NetWeaver is under active exploitation, posing a significant threat to organizations worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) has …

Published Date:
Apr 30, 2025 (1 hour, 57 minutes ago)

Vulnerabilities have been mentioned in this article.

Chrome 136 Released With Patch For 20-Year-Old Privacy Vulnerability

The Chrome team has officially promoted Chrome 136 to the stable channel for Windows, Mac, and Linux, marking a significant update for users across platforms.
The rollout, which will occur over the co …

Published Date:
Apr 30, 2025 (1 hour, 45 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE ID : CVE-2023-4377

Published : April 29, 2025, 11:15 p.m. | 3 hours, 52 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA


CVE ID : CVE-2025-3358

Published : April 29, 2025, 11:16 p.m. | 3 hours, 52 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA


CVE ID : CVE-2025-29906

Published : April 29, 2025, 11:16 p.m. | 3 hours, 52 minutes ago

Description : Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11.

Severity: 8.6 | HIGH


CVE ID : CVE-2025-46552

Published : April 29, 2025, 11:16 p.m. | 3 hours, 52 minutes ago

Description : KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2.

Severity: 0.0 | NA


CVE ID : CVE-2025-30202

Published : April 30, 2025, 1:15 a.m. | 1 hour, 52 minutes ago

Description : vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism across multiple hosts. Any client with network access to this host can connect to this XPUB socket unless its port is blocked by a firewall. Once connected, these arbitrary clients will receive all of the same data broadcasted to all of the secondary vLLM hosts. This data is internal vLLM state information that is not useful to an attacker. By potentially connecting to this socket many times and not reading data published to them, an attacker can also cause a denial of service by slowing down or potentially blocking the publisher. This issue has been patched in version 0.8.5.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-32444

Published : April 30, 2025, 1:15 a.m. | 2 hours, 10 minutes ago

Description : vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack. vLLM instances that do not make use of the mooncake integration are not vulnerable. This issue has been patched in version 0.8.5.

Severity: 10.0 | CRITICAL


CVE ID : CVE-2025-46560

Published : April 30, 2025, 1:15 a.m. | 1 hour, 52 minutes ago

Description : vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens (e.g., , ) with repeated tokens based on precomputed lengths. Due to inefficient list concatenation operations, the algorithm exhibits quadratic time complexity (O(n²)), allowing malicious actors to trigger resource exhaustion via specially crafted inputs. This issue has been patched in version 0.8.5.

Severity: 6.5 | MEDIUM
