Development

CVE ID : CVE-2025-32990

Published : July 10, 2025, 10:15 a.m. | 3 hours, 51 minutes ago

Description : A heap-buffer-overflow (off-by-one) flaw was found in GnuTLS, in the template parsing logic of the certtool utility. When certtool reads certain settings from a template file, it writes one byte past the end of a heap buffer (an out-of-bounds write), corrupting memory and crashing the certtool process. An attacker who can supply the template file can therefore cause a denial of service (DoS).

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5040

Published : July 10, 2025, 12:15 p.m. | 1 hour, 51 minutes ago

Description : A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Severity: 7.8 | HIGH


CVE ID : CVE-2025-5037

Published : July 10, 2025, 12:15 p.m. | 1 hour, 51 minutes ago

Description : A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Severity: 7.8 | HIGH


CVE ID : CVE-2025-6211

Published : July 10, 2025, 1:15 p.m. | 51 minutes ago

Description : A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of an MD5 hash of the chunk text as the ID for each document chunk. Because the ID is derived from the text alone, structurally distinct chunks that contain identical text receive identical IDs, and one chunk overwrites the other; this is a consequence of what is hashed, not a weakness of MD5 itself. The result can be loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1 of the Docugami reader integration, which is versioned separately from the main llama_index package.

Severity: 6.5 | MEDIUM

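Why the collision happens, and why swapping MD5 for a stronger hash alone would not fix it, as an added example that is not llama_index's or Docugami's code: the ID is a function of the chunk text only, so two chunks at different positions in the document tree with the same wording map to one key, and the second silently replaces the first in an id-keyed store. The Chunk fields, the sample contract text and the structure_aware_id scheme (SHA-256 over length-prefixed path, index and text) are constructed for this illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Chunk:
    """One parsed chunk: its text plus where it sits in the document tree (fields constructed for this example)."""
    text: str
    path: tuple          # ancestor headings from the root, e.g. ("Agreement", "Section 5 Term")
    index: int           # position among its siblings


def content_only_id(chunk: Chunk) -> str:
    """The collision-prone scheme: the ID depends on the text alone, so any two chunks
    with identical wording share an ID no matter where they sit in the document."""
    return hashlib.md5(chunk.text.encode("utf-8")).hexdigest()


def structure_aware_id(chunk: Chunk) -> str:
    """ID that also commits to the chunk's position. Each component is length-prefixed
    before hashing so that ("ab", "c") and ("a", "bc") cannot collide by concatenation."""
    h = hashlib.sha256()
    for part in (*chunk.path, str(chunk.index), chunk.text):
        data = part.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()


def index_chunks(chunks, id_fn):
    """Load chunks into an id-keyed store the way a naive loader does.
    Returns (store, number of chunks that silently replaced an earlier one)."""
    store, overwritten = {}, 0
    for chunk in chunks:
        cid = id_fn(chunk)
        if cid in store:
            overwritten += 1
        store[cid] = chunk
    return store, overwritten


# Constructed sample: identical termination wording appears under two different parents.
SAMPLE_CHUNKS = [
    Chunk("Either party may terminate on 30 days written notice.", ("Agreement", "Section 5 Term"), 0),
    Chunk("Fees are payable within 45 days of invoice.", ("Agreement", "Section 6 Fees"), 0),
    Chunk("Either party may terminate on 30 days written notice.", ("Agreement", "Schedule B", "Support Terms"), 2),
]


def compare_schemes(chunks=SAMPLE_CHUNKS):
    """Run both ID schemes over the sample and report how many chunks survive in the store."""
    naive_store, naive_lost = index_chunks(chunks, content_only_id)
    safe_store, safe_lost = index_chunks(chunks, structure_aware_id)
    return {"naive_kept": len(naive_store), "naive_lost": naive_lost,
            "safe_kept": len(safe_store), "safe_lost": safe_lost}


if __name__ == "__main__":
    print(compare_schemes())
```

With the content-only scheme the Schedule B clause replaces the Section 5 clause and its parent link is lost; with the structure-aware scheme all three chunks survive. The fix is in the hash input, not the hash function.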

New Opossum Attack Allows Hackers to Compromise Secure TLS Channels with Malicious Messages

The new Opossum attack is a sophisticated cross-protocol application layer desynchronization vulnerability that compromises TLS-based communications.
This attack exploits fundamental differences betwe …

Published Date:
Jul 10, 2025 (4 hours, 17 minutes ago)


New PerfektBlue Attack Exposes Millions of Cars to Remote Hacking

A new and critical security threat, PerfektBlue, has emerged, targeting OpenSynergy’s BlueSDK Bluetooth framework and posing an unprecedented risk to the automotive industry.
This sophisticated attack …

Published Date:
Jul 10, 2025 (3 hours, 22 minutes ago)


Critical mcp-remote Vulnerability Exposes LLM Clients to Remote Code Execution Attacks

A critical vulnerability CVE-2025-6514 with a CVSS score of 9.6 affecting the mcp-remote project allows attackers to achieve arbitrary operating system command execution on machines running mcp-remote …

Published Date:
Jul 10, 2025 (2 hours, 43 minutes ago)

Vulnerabilities mentioned in this article: CVE-2025-6514

Ruckus network management solutions riddled with unpatched vulnerabilities

Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the a …

Published Date:
Jul 10, 2025 (2 hours, 33 minutes ago)


CVE ID : CVE-2025-3497

Published : July 9, 2025, 9:15 a.m. | 18 hours, 45 minutes ago

Description : The Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 – VSAP 1.20) is obsolete and reached end of life (EOL) on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product.

Severity: 8.7 | HIGH


CVE ID : CVE-2025-3498

Published : July 9, 2025, 9:15 a.m. | 18 hours, 45 minutes ago

Description : An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 – VSAP 1.20) configuration. The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). An attacker can use these APIs to get access to all system settings, modify the configuration and execute some commands (e.g., system reboot).

Severity: 9.9 | CRITICAL


CVE ID : CVE-2025-3499

Published : July 9, 2025, 9:15 a.m. | 18 hours, 45 minutes ago

Description : The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system.

Severity: 10.0 | CRITICAL


CVE ID : CVE-2025-6514

Published : July 9, 2025, 1:15 p.m. | 14 hours, 45 minutes ago

Description : mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers: a crafted authorization_endpoint URL returned by the server during the OAuth flow reaches an OS command invocation without adequate validation.

Severity: 9.6 | CRITICAL

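A validation layer for the untrusted authorization_endpoint value, as an added example that is not mcp-remote's code: the URL arrives in a JSON document the remote server controls, so it is checked against a strict URL alphabet and an http/https scheme allowlist before use, and the browser is launched with an argv list rather than a shell command string. The metadata samples, the function names and the choice of rundll32 as the Windows opener are assumptions made for this illustration.

```python
import json
import re
import sys
from urllib.parse import urlsplit

# Strict allowlist of characters a URL may contain (RFC 3986 unreserved, reserved and '%').
# Whitespace, control characters, quotes and backticks therefore fail the match outright.
_URL_ALPHABET = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+")


def validate_authorization_endpoint(url):
    """Return the URL if it is an absolute http(s) URL made only of URL characters; raise ValueError otherwise."""
    if not isinstance(url, str) or not _URL_ALPHABET.fullmatch(url):
        raise ValueError("authorization_endpoint is not a string of URL characters")
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        raise ValueError("authorization_endpoint scheme must be http or https, got %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("authorization_endpoint has no host")
    return url


def authorization_endpoint_from_metadata(metadata_json):
    """Parse the server's OAuth metadata document (untrusted input) and return a validated authorization_endpoint."""
    doc = json.loads(metadata_json)
    return validate_authorization_endpoint(doc.get("authorization_endpoint"))


def browser_launch_argv(url):
    """argv for the platform URL opener, to be passed straight to exec: no shell string is ever built,
    so no character in the URL is interpreted by cmd.exe, PowerShell or /bin/sh."""
    url = validate_authorization_endpoint(url)
    if sys.platform == "win32":
        # assumption: rundll32's FileProtocolHandler entry point is an acceptable opener on Windows
        return ["rundll32.exe", "url.dll,FileProtocolHandler", url]
    if sys.platform == "darwin":
        return ["open", url]
    return ["xdg-open", url]


# Constructed metadata responses: one legitimate, four hostile.
GOOD = '{"issuer": "https://auth.example", "authorization_endpoint": "https://auth.example/authorize?client_id=abc"}'
HOSTILE = [
    '{"authorization_endpoint": "file:///C:/Windows/System32/calc.exe"}',   # non-http scheme
    '{"authorization_endpoint": "https://auth.example/a b"}',                # whitespace
    '{"authorization_endpoint": "https://auth.example/x`whoami`"}',          # backtick outside the URL alphabet
    '{"authorization_endpoint": 42}',                                        # wrong JSON type
]


def classify(metadata_json):
    """'accepted' if the metadata yields a usable endpoint, 'rejected' otherwise."""
    try:
        authorization_endpoint_from_metadata(metadata_json)
        return "accepted"
    except (ValueError, json.JSONDecodeError):
        return "rejected"


if __name__ == "__main__":
    for doc in [GOOD, *HOSTILE]:
        print(classify(doc), doc)
```

Note that a URL such as https://auth.example/$(calc) passes both checks, because `$`, `(` and `)` are legal URL characters. The scheme and alphabet checks shrink the attack surface, but the property that actually prevents injection is that no shell ever parses the URL: it is one argv element, nothing more.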

CVE ID : CVE-2025-53546

Published : July 9, 2025, 3:15 p.m. | 12 hours, 45 minutes ago

Description : Folo organizes feed content into one timeline. The workflow .github/workflows/auto-fix-lint-format-commit.yml runs on the pull_request_target trigger, which executes in the context of the base repository with access to its secrets; because the workflow runs code from an untrusted pull request in that context, an attacker can open a pull request that exfiltrates the workflow's GITHUB_TOKEN. That token carries content write privileges, so it can be used to completely take over the repository. This vulnerability is fixed in commit 585c6a591440cd39f92374230ac5d65d7dd23d6a.

Severity: 9.1 | CRITICAL

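A small audit script for the pattern described above, as an added example that is not Folo's code and does not reproduce its workflow: it flags a workflow that combines the pull_request_target trigger (which runs with the base repository's secrets) with a checkout of the pull request's head and a run step, and separately reports a contents: write grant on GITHUB_TOKEN. The three workflow texts are constructed for the illustration; the vulnerable one is modelled on the auto-fix-then-commit pattern the advisory names but is not the actual file.

```python
import re

# A checkout that points at the pull request's head, i.e. the contributor's code.
HEAD_REF = re.compile(r"\$\{\{\s*github\.(?:event\.pull_request\.head\.(?:sha|ref)|head_ref)\s*\}\}")


def top_level_block(text, key):
    """Return the lines of the top-level YAML key `key`: the key line and its indented children."""
    out, capturing = [], False
    for line in text.splitlines():
        if re.match(rf'^["\']?{re.escape(key)}["\']?\s*:', line):
            capturing = True
        elif capturing and line.strip() and not line[0].isspace():
            break  # reached the next top-level key
        if capturing:
            out.append(line)
    return "\n".join(out)


def audit_workflow(text):
    """Return a list of findings for one workflow file (empty list means nothing was flagged)."""
    findings = []
    triggered_by_prt = re.search(r"\bpull_request_target\b", top_level_block(text, "on")) is not None
    checks_out_head = HEAD_REF.search(text) is not None
    runs_code = re.search(r"^\s*(?:-\s*)?run\s*:", text, re.M) is not None
    if triggered_by_prt and checks_out_head and runs_code:
        findings.append("pull_request_target checks out the PR head and runs code with base-repo secrets")
    if triggered_by_prt and not re.search(r"^\s*permissions\s*:", text, re.M):
        findings.append("no permissions block: GITHUB_TOKEN falls back to the repository default")
    if re.search(r"^\s*contents\s*:\s*write\b", text, re.M):
        findings.append("GITHUB_TOKEN granted contents: write")
    return findings


# Constructed workflow 1: the dangerous combination (trigger + head checkout + run + write token).
VULNERABLE = """\
name: auto-fix lint/format
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: write
jobs:
  fix:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}
      - run: pnpm install && pnpm lint --fix
      - run: git commit -am "chore: auto-fix" && git push
"""

# Constructed workflow 2: same job on the plain pull_request trigger, read-only token, so the
# fork's code runs without the base repository's secrets.
SAFE_PULL_REQUEST = """\
name: lint
on:
  pull_request:
permissions:
  contents: read
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pnpm install && pnpm lint
"""

# Constructed workflow 3: pull_request_target is legitimate here because nothing from the PR is checked out or run.
SAFE_LABELER = """\
name: label
on: [pull_request_target]
permissions:
  pull-requests: write
  contents: read
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5
"""


def audit_all():
    """Audit the three constructed workflows and return name -> findings."""
    return {name: audit_workflow(text) for name, text in
            [("vulnerable", VULNERABLE), ("pull_request", SAFE_PULL_REQUEST), ("labeler", SAFE_LABELER)]}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings or ["ok"])
```

The labeler case is included deliberately: pull_request_target by itself is not the defect. The defect is checking out and executing the pull request's code under that trigger, and the contents: write grant is what turns a leaked token into a repository takeover.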