CVE-2025-48886 – Cardano Hydra L1 Event Finality Vulnerability

June 19, 2025

CVE ID : CVE-2025-48886

Published : June 19, 2025, 3:15 p.m. | 2 hours, 41 minutes ago

Description : Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those events as finalized as soon as they are recognized by the node participants making such transactions the target of re-org attacks. The system does not currently consider the fact that failed transactions on the Cardano L1 can indeed appear in blocks because these transactions are so infrequent. This issue has been patched in version 0.22.0.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49014 – jq Heap Use After Free Vulnerability

Next Article CVE-2025-6267 – Zhilink ADP Application Developer Platform SQL Injection Vulnerability

Highlights

CVE-2025-4205 – WordPress Popup Maker Stored Cross-Site Scripting Vulnerability

June 3, 2025

CVE ID : CVE-2025-4205

Published : June 3, 2025, 12:15 p.m. | 3 hours, 14 minutes ago

Description : The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popupID’ parameter in all versions up to, and including, 1.20.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: An Echo In Here in here

How To Minimize The Environmental Impact Of Your Website

Progress adds AI coding assistance to Telerik and Kendo UI libraries

Wasm 3.0 standard is now officially complete

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

Distribution Release: Tails 7.0

Distribution Release: Security Onion 2.4.180

GenStudio for Performance Marketing: What’s New and What We’ve Learned

GenStudio for Performance Marketing: What’s New and What We’ve Learned

Agentic and Generative Commerce Can Elevate CX in B2B

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

CVE-2025-48886 – Cardano Hydra L1 Event Finality Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Windows 10 Build 19045.6156 hits Release Preview with Secure Boot upgrade

CVE-2025-6166 – Frdel Agent-Zero Path Traversal Vulnerability

Best Architecture AI Rendering Platform: 6 Top Tools

CVE-2025-5502 – TOTOLINK X15 Command Injection Vulnerability

CVE-2025-4205 – WordPress Popup Maker Stored Cross-Site Scripting Vulnerability

How to Create a JavaScript EXIF Info Parser to Read Image Metadata

This AI Paper Introduces WEB-SHEPHERD: A Process Reward Model for Web Agents with 40K Dataset and 10× Cost Efficiency

CVE-2025-5875 – TP-Link TL-IPC544EP-W4 Buffer Overflow Vulnerability

CVE-2025-48886 – Cardano Hydra L1 Event Finality Vulnerability

Related Posts