CVE-2025-27459 – VNC Weak Password Storage

July 3, 2025

CVE ID : CVE-2025-27459

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-27460 – Dell Device Physical Storage Unencrypted Vulnerability

Next Article CVE-2025-27458 – VNC Password Derivation Vulnerability

Highlights

CVE-2025-53021 – “Moodle Session Fixation Vulnerability”

June 24, 2025

CVE ID : CVE-2025-53021

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim’s session being linked to the attacker’s. Successful exploitation results in full account takeover. According to the Moodle Releases page, “Bug fixes for security issues in 3.11.x ended 11 December 2023.” NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-27459 – VNC Weak Password Storage

Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out

Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours

CVE-2025-45525 – Microlight.js Null Pointer Dereference Vulnerability

CVE-2025-5012 – Workreap – Freelance Marketplace WordPress Theme File Upload Vulnerability

CVE-2025-44835 – D-Link DIR-816 Command Injection Vulnerability

CVE-2025-30419 – NI Circuit Design Suite SymbolEditor Out-of-Bounds Read Vulnerability

CVE-2025-53021 – “Moodle Session Fixation Vulnerability”

Why Your Business Needs a React Native Mobile App in 2025📲

CVE-2025-33004 – IBM Planning Analytics Local File Deletion Vulnerability

Learn College Calculus and Implement with Python

CVE-2025-27459 – VNC Weak Password Storage

Related Posts