Development

CVE ID : CVE-2010-20120

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : Maple versions up to and including 13’s Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20114

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : VariCAD EN up to and including version 2010-2.05 is vulnerable to a stack-based buffer overflow when parsing .dwb drawing files. The application fails to properly validate the length of input data embedded in the file, allowing a crafted .dwb file to overwrite critical memory structures. This flaw can be exploited locally by convincing a user to open a malicious file, resulting in arbitrary code execution.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43747

Published : Aug. 21, 2025, 9:15 p.m. | 3 hours, 39 minutes ago

Description : A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by change the domain and bypassing the validation method, this insecure validation is not distinguishing between trusted subdomains and malicious domains.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-51606

Published : Aug. 21, 2025, 9:15 p.m. | 3 hours, 39 minutes ago

Description : hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as “admin”. The vulnerability poses a critical security risk in systems where authentication and authorization rely on the integrity of JWTs.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-3948

Published : Aug. 21, 2025, 11:15 p.m. | 1 hour, 39 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-4143

Published : Aug. 21, 2025, 11:15 p.m. | 1 hour, 39 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-4131

Published : Aug. 21, 2025, 11:15 p.m. | 1 hour, 39 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43753

Published : Aug. 21, 2025, 11:15 p.m. | 1 hour, 39 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update 92 allows an remote authenticated user to inject JavaScript into the embedded message field from the form container.

Severity: 2.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Laravel v12.25.0 is out with a Copy as Markdown button on the error page, allowing you to conveniently share error…

Machine learning (ML) has evolved from an experimental phase to becoming an integral part of business operations. Organizations now actively…

Tyson Foodservice operates as a critical division within Tyson Foods Inc., using its extensive protein production capabilities to supply a…

This post was written with Jake Friedman from Wildlife. Businesses are seeking innovative ways to differentiate themselves through hyper-personalization and…

Chatbots should do more than just chat. We just published a new course on the freeCodeCamp.org YouTube channel that will…

Ruby is a programming language designed with developer happiness in mind. Its elegant and intuitive syntax makes coding not only…

Over the last three months, life has had me juggling a lot – managing my marriage, taking care of family…

Deploying a Flutter web app can feel repetitive if you’re doing it manually every time. GitHub Actions automates this by…

Tic-Tac-Toe is a great project for beginners who want to learn how to build games. It’s simple to understand but…

When you’re building mobile applications, one of the biggest challenges you might face is ensuring stability in real-world usage. No…

In my previous post, we explored the request lifecycle in a Sitecore headless application using Next.js, focusing on how Server…

Balancing AI Strategy With Human Wisdom  “AI-first” has become a buzzword in executive conversations, but what does it really mean?…