CVE-2025-4436 – Apache HTTP Server Remote Code Execution

May 20, 2025

CVE ID : CVE-2025-4436

Published : May 20, 2025, 11:15 p.m. | 18 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5007 – Part-DB Profile Picture Feature Cross-Site Scripting

Next Article CVE-2025-5003 – Projectworlds Online Time Table Generator SQL Injection Vulnerability

Highlights

CVE-2025-48064 – GitHub Desktop Windows Network Share Path Traversal Information Disclosure

May 21, 2025

CVE ID : CVE-2025-48064

Published : May 21, 2025, 6:15 p.m. | 2 hours, 26 minutes ago

Description : GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network share. This affects GitHub Desktop users on Windows that view malicious commits in the history view. macOS users are not affected. When viewing a file diff in the history view GitHub Desktop will call `git log` or `git diff` with the object id (SHA) of the commit, the name of the file, and the old name of the file if the file has been renamed. As a security precaution Git will attempt to fully resolve the old and new path via `realpath`, traversing symlinks, to ensure that the resolved paths reside within the repository working directory. This can lead to Git attempting to access a path that resides on a network share (UNC path) and in doing so Windows will attempt to perform NTLM authentication which passes information such as the computer name, the currently signed in (Windows) user name, and an NTLM hash. GitHub Desktop 3.4.20 and later fix this vulnerability. The beta channel includes the fix in 3.4.20-beta3. As a workaround to use until upgrading is possible, only browse commits in the history view that comes from trusted sources.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft donates DocumentDB to the Linux Foundation

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

ChatGPT is reportedly scraping Google Search data to answer your questions – here’s how

The 10 best early Labor Day deals live now: Save on Apple, Samsung and more

5 rumored Apple iPhone Fold features that have me excited (and frustrated at the same time)

Forget plug-and-play AI: Here’s what successful AI projects do differently

Log Outgoing HTTP Requests with the Laravel Spy Package

Log Outgoing HTTP Requests with the Laravel Spy Package

devdojo/auth

Rust Slices: Cutting Into References the Safe Way

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

8 Best Paid and Free AI Sexting Chat Apps in 2025

Best AI Anime Art Generator: 7 Best to Use [Free & Premium]

CVE-2025-4436 – Apache HTTP Server Remote Code Execution

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Buffalo Police Detective Indicted for Attempted Purchases on Genesis Market

Enhance client experience with a custom, all-in-one platform

CVE-2025-48416 – OpenSSH Root Login Hard-Coded Credential Disclosure

This video of humanoid robots running a half marathon is amazing, hilarious, and a little creepy

MITRE Launches D3FEND CAD Tool to Revolutionize Cybersecurity Modeling

CVE-2025-48064 – GitHub Desktop Windows Network Share Path Traversal Information Disclosure

CVE-2025-27889 – Wing FTP Server URL Parameter Injection

3 Best Free and Open Source Linux Magnifying Tools

Turkey Bans Elon Musk’s AI Chatbot Grok After Insults Against Erdogan and Atatürk

CVE-2025-4436 – Apache HTTP Server Remote Code Execution

Related Posts