Development

CVE ID: CVE-2025-48879

Published: June 10, 2025, 4:15 p.m.

Description: OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken multipart/form-data request lacking an end boundary to any of OctoPrint’s endpoints implemented through the octoprint.server.util.tornado.UploadStorageFallbackHandler request handler. The request handler will get stuck in an endless busy loop, looking for a part of the request that will never come. As Tornado is single-threaded, that will effectively block the whole web server. The vulnerability has been patched in version 1.11.2.

Severity: 6.5 | MEDIUM


CVE ID: CVE-2025-48937

Published: June 10, 2025, 4:15 p.m.

Description: matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. This vulnerability is fixed in 0.11.1 and 0.12.0.

Severity: 4.9 | MEDIUM


CVE ID: CVE-2025-49143

Published: June 10, 2025, 4:15 p.m.

Description: Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by users to Nautobot’s MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.

Severity: 0.0 | NA


CVE ID: CVE-2025-49142

Published: June 10, 2025, 4:15 p.m.

Description: Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users.

Severity: 0.0 | NA


CVE ID: CVE-2025-4801

Published: June 10, 2025, 4:15 p.m.

Description: Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA


CVE ID: CVE-2025-4653

Published: June 10, 2025, 4:15 p.m.

Description: Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105.

Severity: 0.0 | NA


CVE ID: CVE-2025-4678

Published: June 10, 2025, 4:15 p.m.

Description: Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105.

Severity: 0.0 | NA


CISA Warns of Erlang/OTP SSH Server RCE Vulnerability Exploited in Attacks

CISA has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH servers that is being actively exploited in the wild.
The vulnerability, tracked as CVE-2025-32433, enables attac …

Published Date:
Jun 10, 2025

Vulnerabilities mentioned in this article:

CVE-2025-32433

Unpatched Wazuh servers targeted by Mirai botnets (CVE-2025-24016)

Two Mirai botnets are exploiting a critical remote code execution vulnerability (CVE-2025-24016) in the open-source Wazuh XDR/SIEM platform, Akamai researchers have warned.
What is Wazuh?
Wazuh is a p …

Published Date:
Jun 10, 2025

Vulnerabilities mentioned in this article:

CVE-2025-49113

CVE-2025-24016

Multiple botnets exploit critical vulnerability in security platform Wazuh

Several botnets are actively exploiting a critical vulnerability in Wazuh, an open-source security platform for preventing and detecting threats and for incident response. That is reported in …

Published Date:
Jun 10, 2025

Vulnerabilities mentioned in this article:

CVE-2025-24016

Critical Vulnerability in Lovable’s Security Policies Lets Attackers Inject Malicious Code

A severe security vulnerability, designated as CVE-2025-48757, has been discovered in Lovable’s implementation of Row Level Security (RLS) policies, allowing attackers to bypass authentication control …

Published Date:
Jun 10, 2025

Vulnerabilities mentioned in this article:

CVE-2025-48757