Development

CVE ID : CVE-2025-8058

Published : July 23, 2025, 8:15 p.m. | 2 hours, 50 minutes ago

Description : The regcomp function in the GNU C library version from 2.4 to 2.41 is
subject to a double free if some previous allocation fails. It can be
accomplished either by a malloc failure or by using an interposed malloc
that injects random malloc failures. The double free can allow buffer
manipulation depending of how the regex is constructed. This issue
affects all architectures and ABIs supported by the GNU C library.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32019

Published : July 23, 2025, 9:15 p.m. | 1 hour, 50 minutes ago

Description : Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed in versions 2.11.3 and 2.12.3.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47281

Published : July 23, 2025, 9:15 p.m. | 1 hour, 50 minutes ago

Description : Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service (DoS) vulnerability exists due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft expressions using the {{@}} variable combined with a pipe and an invalid JMESPath function (e.g., {{@ | non_existent_function }}). This leads to a nil value being substituted into the policy structure. Subsequent processing by internal functions, specifically getValueAsStringMap, which expect string values, results in a panic due to a type assertion failure (interface {} is nil, not string). This crashes Kyverno worker threads in the admission controller and causes continuous crashes of the reports controller pod. This is fixed in version 1.14.2.

Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53537

Published : July 23, 2025, 9:15 p.m. | 1 hour, 50 minutes ago

Description : LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workaround this issue, set `suricata.yaml app-layer.protocols.http.libhtp.default-config.lzma-enabled` to false. This issue is fixed in version 0.5.51.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53942

Published : July 23, 2025, 9:15 p.m. | 1 hour, 50 minutes ago

Description : authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 through 2025.6.3, deactivated users who registered through OAuth/SAML or linked their accounts to OAuth/SAML providers can still retain partial access to the system despite their accounts being deactivated. They end up in a half-authenticated state where they cannot access the API but crucially they can authorize applications if they know the URL of the application. To workaround this issue, developers can add an expression policy to the user login stage on the respective authentication flow with the expression of return request.context[“pending_user”].is_active. This modification ensures that the return statement only activates the user login stage when the user is active. This issue is fixed in versions authentik 2025.4.4 and 2025.6.4.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54371

Published : July 23, 2025, 9:15 p.m. | 1 hour, 50 minutes ago

Description : Rejected reason: This CVE is a duplicate of another CVE.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54377

Published : July 23, 2025, 9:15 p.m. | 1 hour, 50 minutes ago

Description : Roo Code is an AI-powered autonomous coding agent that lives in users’ editors. In versions 3.23.18 and below, RooCode does not validate line breaks (n) in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent multi-line command injection. When commands are evaluated for execution, only the first line or token may be considered, enabling attackers to smuggle additional commands in subsequent lines. This is fixed in version 3.23.19.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2016-15044

Published : July 23, 2025, 10:15 p.m. | 50 minutes ago

Description : A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Laravel Live Denmark is back with its second edition of the conference, to be held in Copenhagen, Denmark, on 21-22.…

The next Laravel Worldwide Meetup is today, Tuesday, July 22nd, 2025. The meetup starts on YouTube at 16:00 UTC and…

How many times have you spent months evaluating automation projects – enduring multiple vendor assessments, navigating lengthy RFPs, and managing…

Seven faculty in the MIT School of Architecture and Planning (SA+P) have been honored for their contributions through promotions, effective…

Gemini 2.5 Flash-Lite, previously in preview, is now stable and generally available. This cost-efficient model provides high quality in a…

Top News OpenAI’s new ChatGPT Agent can control an entire computer and do tasks for you OpenAI has introduced a…

Read about various happenings with Baseline during June 2025. Source: web.dev: Blog 

The Java programming language is a favourite among solo devs and large teams alike. It’s popular for many reasons and…

Visual Geometry Group (VGG) is one of the most influential convolutional neural networks in computer vision. It is a deep…

To get the best tech jobs, it can be helpful to understand how to apply data structures and algorithms to…

Built-in functions in C++ are those functions that are part of the C++ standard libraries. These functions are designed to…

If you’ve ever stared at a dozen hosting plans, not sure which one to choose, you’re not alone. Hosting isn’t…