Development

CVE ID : CVE-2025-34036

Published : June 24, 2025, 1:15 a.m. | 46 minutes ago

Description : An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called “Cross Web Server” that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-34037

Published : June 24, 2025, 1:15 a.m. | 46 minutes ago

Description : An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability is exploited in the wild by the “TheMoon” worm to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. This vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6534

Published : June 24, 2025, 1:15 a.m. | 46 minutes ago

Description : A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6535

Published : June 24, 2025, 1:15 a.m. | 46 minutes ago

Description : A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the function list of the file novel-admin/src/main/resources/mybatis/system/UserMapper.xml of the component User Management Module. The manipulation of the argument sort/order leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Explore SSL certificate reselling: market growth, common challenges, auto-validation methods, and centralized lifecycle management. Continue reading Cost Effective Reseller Platforms…

Learn how developers can use Socialprofiler to analyze potential partners, investors, and collaborators before making critical business decisions. Continue reading…

Imagine having a web app that looks and feels just like a native mobile app. It launches from your home…

Kubernetes networking is one of the most critical and complex parts of running containerized workloads in production. This tutorial will…

Have you ever wondered how your fridge knows when to cool, or how a coffee machine knows when to stop…

The Music Streaming Platform is a browser-based application that offers music industries an innovative solution, modernizing the operations in reliable and efficient…

Too often, accessibility is seen as something only for people with disabilities, but the reality is that inclusive design solutions…

Designing for accessibility doesn’t belong to one field—it spans every corner of our lives. From healthcare to education, tech to…

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to…

The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear…

Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular…

Redefining Job Execution with AI Agents AI agents are reshaping how jobs are performed by offering tools that execute complex,…

Modern enterprises are rich in data that spans multiple modalities—from text documents and PDFs to presentation slides, images, audio recordings,…

Time series forecasting helps businesses predict future trends based on historical data patterns, whether it’s for sales projections, inventory management,…

Sakana AI introduces a novel framework for reasoning language models (LLMs) with a focus on efficiency and reusability: Reinforcement-Learned Teachers…

In this tutorial, we guide users through building a robust, production-ready Python SDK. It begins by showing how to install…