Microsoft has quietly pushed out a fresh Edge update, version 139.0.3405.111, to the Stable Channel. This one is more about…
Do you want to install the Connect app in Windows 11, but couldn’t find it? Well, don’t worry. First of…
Microsoft is also refreshing how battery status is displayed in Windows 11 Insider Beta build 26120.5761 (KB5064093). The lock screen…
Microsoft has rolled out Windows 11 Insider Preview builds 26200.5761 (Dev) and 26120.5761 (Beta) under KB5064093, introducing the ability to…
Microsoft has announced a major upgrade to the Snipping Tool with the release of Windows 11 Insider Beta build 26120.5761…
Microsoft told Windows Latest that the Windows 11 KB5063878 issue requires you to open AutoCAD with admin permission (UAC prompt),…
#749 — August 22, 2025 Read on the Web ☀️ We’re back after a week off, though I’m starting to…
Artificial Intelligence isn’t new, but in November 2022, something changed. The launch of ChatGPT brought AI out of the background…
Agent Mode in Gemini Code Assist now available in VS Code and IntelliJ This mode was introduced last month to…
CVE ID : CVE-2025-41451
Published : Aug. 22, 2025, 3:15 a.m. | 23 hours ago
Description : Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command (‘Command Injection’) in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-57699
Published : Aug. 22, 2025, 7:15 a.m. | 18 hours, 59 minutes ago
Description : Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path.
A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-9254
Published : Aug. 22, 2025, 12:15 p.m. | 14 hours ago
Description : WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-9255
Published : Aug. 22, 2025, 12:15 p.m. | 14 hours ago
Description : WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2009-10006
Published : Aug. 22, 2025, 2:15 p.m. | 12 hours ago
Description : UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-55573
Published : Aug. 22, 2025, 3:15 p.m. | 11 hours ago
Description : QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-29365
Published : Aug. 22, 2025, 4:15 p.m. | 10 hours ago
Description : spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-51605
Published : Aug. 22, 2025, 4:15 p.m. | 10 hours ago
Description : An issue was discovered in Shopizer 3.2.7. The server’s CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make authenticated cross-origin requests and read sensitive responses.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-55741
Published : Aug. 22, 2025, 4:15 p.m. | 9 hours, 59 minutes ago
Description : UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-57771
Published : Aug. 22, 2025, 5:15 p.m. | 9 hours ago
Description : Roo Code is an AI-powered autonomous coding agent that lives in users’ editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution for a command such as ls, an attacker who can submit crafted prompts to the agent may inject arbitrary commands to be executed alongside the intended command. Exploitation requires attacker access to submit prompts and for the user to have enabled auto-approved command execution, which is disabled by default. This vulnerability could allow an attacker to execute arbitrary code. The issue is fixed in version 3.25.5.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-57800
Published : Aug. 22, 2025, 5:15 p.m. | 9 hours ago
Description : Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary callback in a cookie, which is later used to redirect the user after authentication. The server then issues a 302 redirect to the attacker-controlled URL, appending sensitive OIDC tokens as query parameters. This allows an attacker to obtain the victim’s tokens and perform full account takeover, including creating persistent admin users if the victim is an administrator. Tokens are further leaked via browser history, Referer headers, and server logs. This vulnerability impacts all Audiobookshelf deployments using OIDC; no IdP misconfiguration is required. The issue is fixed in version 2.28.0. No known workarounds exist.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…