Development

The blog discusses how accessibility laws in APAC and Latin America are evolving, making compliance a business-critical need. It also explores regional legal updates and how AI-powered accessibility testing helps ensure inclusion, reduce risk and support ethical, user-friendly design.
The post Digital Accessibility Is Rising: Here’s How APAC and LATAM Are Leading the Shift first appeared on TestingXperts.

What is the notion of Suite in Before/After Suite annotation? Unlike Before/After Class and Method, I never had to use them. Suite I think can’t be the same thing as Java package, since classes with @Test annotations can be put in different packages. Is that so?

Citrix Patches Critical Vulns in NetScaler ADC and Gateway

Citrix has fixed a critical vulnerability, tracked as CVE-2025-5777, found within NetScaler ADC and NetScaler Gateway. The vulnerability, ass …

Published Date: Jun 23, 2025 (3 hours, 47 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-5777

CVE-2025-5349

CVE-2023-6549

CVE-2023-6548

CVE-2023-4966

Canadian telecom hacked by suspected China state group

Hackers suspected of working on behalf of the Chinese government exploited a maximum-severity vulnerability, which had received a patch 16 months earlier, to compromise a telecommunications provider i …

Published Date: Jun 23, 2025 (3 hours, 30 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-20399

CVE-2023-20273

CVE-2023-20198

CVE-2018-0171

Salt Typhoon Targets Telecoms via Router Flaws, Warn FBI and Canada

A newly released advisory from the FBI and Canada’s Cyber Centre warns of an ongoing cyber espionage campaign by a China-linked group that is targeting telecom networks worldwide. The report, issued J …

Published Date: Jun 23, 2025 (32 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2023-20198

CVE ID : CVE-2023-47029

Published : June 23, 2025, 6:15 p.m. | 2 hours, 47 minutes ago

Description : An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49126

Published : June 23, 2025, 6:15 p.m. | 4 hours, 29 minutes ago

Description : Visionatrix is an AI Media processing tool using ComfyUI. In versions 1.5.0 to before 2.5.1, the /docs/flows endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack allowing full takeover of the application and exfiltration of secrets stored in the application. The implementation uses the get_swagger_ui_html function from FastAPI. This function does not encode or sanitize its arguments before using them to generate the HTML for the swagger documentation page and is not intended to be used with user-controlled arguments. Any user of this application can be targeted with a one-click attack that can take over their session and all the secrets that may be contained within it. This issue has been patched in version 2.5.1.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-6517

Published : June 23, 2025, 6:15 p.m. | 2 hours, 47 minutes ago

Description : A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of the argument post leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

CVE ID : CVE-2025-49144

Published : June 23, 2025, 7:15 p.m. | 1 hour, 47 minutes ago

Description : Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically the Downloads folder, referred to as the vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.

Severity: 7.3 | HIGH

CVE ID : CVE-2025-6545

Published : June 23, 2025, 7:15 p.m. | 1 hour, 47 minutes ago

Description : Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with the program file lib/to-buffer.js.

This issue affects pbkdf2: from 3.0.10 through 3.1.2.

Severity: 0.0 | NA

CVE ID : CVE-2025-6518

Published : June 23, 2025, 7:15 p.m. | 1 hour, 47 minutes ago

Description : A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

CVE ID : CVE-2025-6547

Published : June 23, 2025, 7:15 p.m. | 1 hour, 47 minutes ago

Description : Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This issue affects pbkdf2:

Severity: 0.0 | NA

CVE ID : CVE-2025-2828

Published : June 23, 2025, 9:15 p.m. | 1 hour, 29 minutes ago

Description : A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.

Severity: 8.4 | HIGH

CVE ID : CVE-2025-52562

Published : June 23, 2025, 9:15 p.m. | 1 hour, 29 minutes ago

Description : Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious locale and namespace parameters. This allows the attacker to include and execute arbitrary PHP files on the server. This issue has been patched in version 4.4.1. A temporary workaround involves applying strict Web Application Firewall (WAF) rules to incoming requests targeting the vulnerable endpoints.

Severity: 10.0 | CRITICAL

Canada says Salt Typhoon hacked telecom firm via Cisco flaw

The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored ‘Salt Typhoon’ hacking group is also targeting Canadian telecommunication firms, breaching a telecom provide …

Published Date: Jun 23, 2025 (3 hours, 27 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2023-20198

Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls

Summary
1. CVE-2025-49825 allows attackers to remotely bypass Teleport’s authentication controls, affecting multiple versions of the secure access platform.
2. Teleport has issued security updates for …

Published Date: Jun 23, 2025 (2 hours, 45 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-49825

CVE ID : CVE-2025-2172

Published : June 23, 2025, 2:15 p.m. | 4 hours, 9 minutes ago

Description : Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames.

Severity: 0.0 | NA

CVE ID : CVE-2025-52542

Published : June 23, 2025, 2:15 p.m. | 4 hours, 9 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA