Development

CVE ID : CVE-2025-3884

Published : May 22, 2025, 1:15 a.m. | 1 hour, 35 minutes ago

Description : Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Ace Editor web application. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-24332.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3887

Published : May 22, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3883

Published : May 22, 2025, 1:15 a.m. | 1 hour, 35 minutes ago

Description : eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of GET parameters provided to the index.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23115.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3885

Published : May 22, 2025, 1:15 a.m. | 1 hour, 35 minutes ago

Description : Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Before I started to contribute to eslint-plugin-react, I didn’t think too deeply about the linters I used every day while…

AI is disrupting all industries at a pace not seen at any time in history. Technologies and industries that were…

Developers often see refactoring as a secondary concern that they can delay indefinitely because it doesn’t immediately contribute to revenue…

Understanding how to manage data effectively is a critical skill for anyone pursuing a career in tech. And we just…

Global Accessibility Awareness Day (GAAD) reminds us that accessibility is not just for some, it’s for everyone. A key Universal…

Global Accessibility Awareness Day (GAAD) serves as a wake-up call for healthcare providers, policymakers, and organizations to prioritize accessibility, not…

Global Accessibility Awareness Day (GAAD) is a crucial opportunity to highlight the importance of accessibility in pharmacies, ensuring that everyone,…

We’re excited to share that Perficient has been named the Gold Globee® Winner for Best Artificial Intelligence (AI) Service Provider…

In my previous blog https://blogs.perficient.com/2024/07/01/sitecore-personalize-close-event-logic/, I shared a method for using cookies to enable the user to dismiss an alert…

Choosing a provider is one of the most personal decisions in healthcare. Yet, 1 in 5 consumers abandon healthcare organizations…

Forging the future is not just about staying ahead and outpacing the competition. As an award-winning top workplace, we’re leading…

The delegated Managed Service Account (dMSA) feature was introduced in Windows Server 2025 as a secure replacement for legacy service…

In a joint cybersecurity advisory issued today, U.S. and allied intelligence agencies confirmed what many threat analysts have long suspected:…

Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022.…

In 2025, agentic AI is transforming the insurance industry, enabling autonomous systems to perceive, reason, and act independently to achieve…

Amazon Relational Database Service (Amazon RDS) for SQL Server now enables you to use Teradata databases as external data sources…