This post is based on a technical report written by Kazuki Fujii, who led the Llama 3.3 Swallow model development.…
Development
According to the World Health Organization, more than 2.2 billion people globally have vision impairment. For compliance with disability legislation,…
This post was co-written with Herb Brittner from Netsertive. Netsertive is a leading digital marketing solutions provider for multi-location brands…
Generative AI is revolutionizing how businesses operate, interact with customers, and innovate. If you’re embarking on the journey to build…
We’re excited to announce that Amazon Bedrock Custom Model Import now supports Qwen models. You can now import custom weights for Qwen2, Qwen2_VL, and Qwen2_5_VL…
CISA Reveals ‘Pattern’ of Ransomware Attacks Against SimpleHelp RMM
Source: Andreas Prott via Alamy Stock PhotoThe Cybersecurity and Infrastructure Security Agency (CISA) is urging SimpleHelp customers to patch a known vulnerability following a wave of ransomware atta …
Read more
Published Date:
Jun 13, 2025 (2 hours, 7 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-57727
CVE ID : CVE-2025-24311
Published : June 13, 2025, 9:15 p.m. | 57 minutes ago
Description : An out-of-bounds read vulnerability exists in the cv_send_blockdata
functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted
ControlVault API call can lead to an information leak. An attacker can
issue an API call to trigger this vulnerability.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-24922
Published : June 13, 2025, 9:15 p.m. | 57 minutes ago
Description : A stack-based buffer overflow vulnerability exists in the
securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A
specially crafted malicious cv_object can lead to a arbitrary code
execution. An attacker can issue an API call to trigger this
vulnerability.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-25050
Published : June 13, 2025, 9:15 p.m. | 57 minutes ago
Description : An out-of-bounds write vulnerability exists in the
cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36.
A specially crafted ControlVault API call can lead to an out-of-bounds
write. An attacker can issue an API call to trigger this vulnerability.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49598
Published : June 13, 2025, 9:15 p.m. | 57 minutes ago
Description : conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling meta.yaml can inject malicious code into the version assignment, which is executed during file processing, leading to arbitrary code execution. Exploitation requires an attacker to modify the recipe file by manipulating the RECIPE_DIR variable and introducing a malicious meta.yaml file. While this is more feasible in CI/CD pipelines, it is uncommon in typical environments, reducing overall risk. This vulnerability is fixed in 4.15.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6083
Published : June 13, 2025, 9:15 p.m. | 57 minutes ago
Description : In ExtremeCloud Universal ZTNA, a syntax error in the ‘searchKeyword’ condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specfic owenr_id.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49584
Published : June 13, 2025, 6:15 p.m. | 2 hours, 43 minutes ago
Description : XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose reference is known can be accessed through the REST API as long as an XClass with a page property is accessible, this is the default for an XWiki installation. This allows an attacker to get titles of pages whose reference is known, one title per request. This doesn’t affect fully private wikis as the REST endpoint checks access rights on the XClass definition. The impact on confidentiality depends on the strategy for page names. By default, page names match the title, so the impact should be low but if page names are intentionally obfuscated because the titles are sensitive, the impact could be high. This has been fixed in XWiki 16.4.7, 16.10.3 and 17.0.0 by adding access control checks before getting the title of any page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49585
Published : June 13, 2025, 6:15 p.m. | 2 hours, 43 minutes ago
Description : XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), and that same document is later edited by a user with script, admin, or programming right, malicious code could be executed with the rights of the editing user without prior warning. In particular, this concerns custom display code, the script of computed properties and queries in database list properties. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful. This has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49586
Published : June 13, 2025, 6:15 p.m. | 2 hours, 43 minutes ago
Description : XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49587
Published : June 13, 2025, 6:15 p.m. | 2 hours, 43 minutes ago
Description : XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification displayer executes Velocity, the existing generic analyzer already warns admins before editing Velocity code. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful. This vulnerability has been patched in XWiki 15.10.16, 16.4.7, and 16.10.2 by adding a required rights analyzer that warns the admin before editing about the possibly malicious code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49597
Published : June 13, 2025, 8:15 p.m. | 43 minutes ago
Description : handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called “gadget chain” presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched with Version 1.4.3.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49596
Published : June 13, 2025, 8:15 p.m. | 43 minutes ago
Description : The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 24
The Good | Operation Secure Dismantles Global Infostealer Infrastructure in Multi-Nation Crackdown
An international law enforcement initiative dubbed “Operation Secure” delivered a significant blow to …
Read more
Published Date:
Jun 13, 2025 (5 hours, 12 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-32711
Microsoft: KB5060533 update triggers boot errors on Surface Hub v1 devices
Microsoft is investigating a known issue that triggers Secure Boot errors and prevents Surface Hub v1 devices from starting up.
These boot problems only impact Surface Hub v1 systems running Windows 1 …
Read more
Published Date:
Jun 13, 2025 (4 hours, 55 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-33073
CVE-2025-33053
Apple fixes zero-click exploit underpinning Paragon spyware attacks
Apple has updated its iOS/iPadOS 18.3.1 documentation, confirming it introduced fixes for the zero-click vulnerability used to infect journalists with Paragon’s Graphite spyware.
The infections were c …
Read more
Published Date:
Jun 13, 2025 (2 hours, 48 minutes ago)
Vulnerabilities has been mentioned in this article.