CVE-2025-46218 – Microsoft Azure AD Authentication

April 23, 2025

CVE ID : CVE-2025-46218

Published : April 23, 2025, 3:15 a.m. | 3 hours, 40 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46219 – Apache HTTP Server Command Injection

Next Article CVE-2025-46217 – Apache HTTP Server Cross-Site Request Forgery

Highlights

CVE-2025-47277 – NVIDIA vLLM Unauthenticated Remote Code Execution

May 20, 2025

CVE ID : CVE-2025-47277

Published : May 20, 2025, 6:15 p.m. | 1 hour, 44 minutes ago

Description : vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the `PyNcclPipe` class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the `PyNcclCommunicator` class, while CPU-side control message passing is handled via the `send_obj` and `recv_obj` methods on the CPU side. The intention was that this interface should only be exposed to a private network using the IP address specified by the `–kv-ip` CLI parameter. The vLLM documentation covers how this must be limited to a secured network. The default and intentional behavior from PyTorch is that the `TCPStore` interface listens on ALL interfaces, regardless of what IP address is provided. The IP address given was only used as a client-side address to use. vLLM was fixed to use a workaround to force the `TCPStore` instance to bind its socket to a specified private interface. As of version 0.8.5, vLLM limits the `TCPStore` socket to the private interface as configured.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

AI is currently in its teenage years, battling raging hormones

Apple doesn’t need better AI as much as AI needs Apple to bring its A-game

DistroWatch Weekly, Issue 1125

Motion Highlights #9

The 2025 Wholesome Direct was chock-full of cozy casual games and aesthetic vibes

Online Scrap Portal Using PHP and MySQL

Online Scrap Portal Using PHP and MySQL

Master Image Processing in Node.js Using Sharp for Fast Web Apps

mkocansey/bladewind

Microsoft built a bloat-free, optimized Windows 11 UI for handheld gaming

Microsoft built a bloat-free, optimized Windows 11 UI for handheld gaming

DistroWatch Weekly, Issue 1125

Gradia is a Slick New Screenshot Annotation Tool for Linux

CVE-2025-46218 – Microsoft Azure AD Authentication

CVE-2025-25208 – Apache Authorino Authentication Service Denial of Service

CVE-2025-25209 – Red Hat Connectivity Link Information Disclosure Vulnerability

CVE-2025-23099 – Samsung Exynos OOB Write Vulnerability

This Spotlight alternative for Mac is my secret weapon for AI-powered search

CVE-2025-49073 – Axiomthemes Sweet Dessert Deserialization of Untrusted Data Object Injection Vulnerability

The best bamboo sheets for summer are 35% off for Memorial Day

CVE-2025-47277 – NVIDIA vLLM Unauthenticated Remote Code Execution

I asked a Lenovo representative about the Legion Go S (SteamOS) price increase — This is what they told me

Best Free and Open Source Alternatives to Progress MOVEit

Why CTEM is the Winning Bet for CISOs in 2025

CVE-2025-46218 – Microsoft Azure AD Authentication

Related Posts