Development

CVE ID : CVE-2025-54429

Published : July 28, 2025, 9:15 p.m. | 3 hours, 22 minutes ago

Description : Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for safety. For precompiles to be callable by smart contracts they must be explicitly configured as CallableByContract. If this configuration is absent, then the precompile should be unreachable via smart contract accounts. In commits prior to 0822030, the underlying implementation of CallableByContract which returned the AddressType was incorrect. It considered the contract address running under CREATE or CREATE2 to be AddressType::EOA rather than correctly as AddressType::Contract. The issue only affects users who use custom precompile implementations that utilize AddressType::EOA and AddressType::Contract. It’s not directly exploitable in any of the predefined precompiles in Frontier. This is fixed in version 0822030.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54765

Published : July 29, 2025, 12:15 a.m. | 22 minutes ago

Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54766

Published : July 29, 2025, 12:15 a.m. | 22 minutes ago

Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54767

Published : July 29, 2025, 12:15 a.m. | 22 minutes ago

Description : An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54768

Published : July 29, 2025, 12:15 a.m. | 22 minutes ago

Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54769

Published : July 29, 2025, 12:15 a.m. | 22 minutes ago

Description : An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Medical image segmentation is at the heart of modern healthcare AI, enabling crucial tasks such as disease detection, progression monitoring,…

Language model users often ask questions without enough detail, making it hard to understand what they want. For example, a…

In this tutorial, we guide you through the development of an advanced Graph Agent framework, powered by the Google Gemini…

The landscape of artificial intelligence continues to evolve rapidly, with breakthroughs that push the boundaries of what models can achieve…

Embedding models act as bridges between different data modalities by encoding diverse multimodal information into a shared dense representation space.…

In this tutorial, we walk through the complete implementation of an advanced AI agent system powered by Nomic Embeddings and…

The White House just released the U.S. AI Playbook—formally titled “America’s AI Action Plan”—a sweeping, high-impact federal strategy that clarifies…

The Model Context Protocol (MCP) is changing how intelligent agents interact with backend services, applications, and data. A successful MCP implementation project…

Bifrost is the first and only build service designed specifically for NativePHP apps. The post NativePHP Is Entering Its Next…

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of…

Advancements in artificial intelligence are rapidly closing the gap between digital reasoning and real-world interaction. At the forefront of this…

In this tutorial, we build a GPU‑capable local LLM stack that unifies Ollama and LangChain. We install the required libraries,…

The discipline of epigraphy, focused on studying texts inscribed on durable materials like stone and metal, provides critical firsthand evidence…

Robotic grasping is a cornerstone task for automation and manipulation, critical in domains spanning from industrial picking to service and…