CVE-2024-38648 – Ivanti DSM Decryption Secret Disclosure

July 12, 2025

CVE ID : CVE-2024-38648

Published : July 12, 2025, 4:15 a.m. | 44 minutes ago

Description : A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous Article51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

Next Article Oops! It’s not you, it’s the Design (sometimes)

Highlights

CVE-2025-45526 – Microlight Denial of Service Vulnerability

June 17, 2025

CVE ID : CVE-2025-45526

Published : June 17, 2025, 8:15 p.m. | 15 minutes ago

Description : A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content (e.g., 100 million characters) is processed, the reset function in microlight.js consumes excessive memory and CPU resources, causing browser crashes or unresponsiveness. An attacker can exploit this vulnerability by tricking a user into visiting a malicious web page containing a microlight element with large content, resulting in a denial of service.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2024-38648 – Ivanti DSM Decryption Secret Disclosure

CVE-2025-6391 – Brocade ASCG Log File Exposed JWT Vulnerability

CVE-2025-7762 – D-Link DI-8100 HTTP Request Handler Stack-Based Buffer Overflow

CVE-2025-1400 – “PLCTag Lib Overread Buffer Read”

Kudu is a distributed data storage engine

CVE-2023-53142 – “Ice: Buffer Overflow in ice_get_module_eeprom()”

CVE-2025-48466 – Rockwell Automation Modbus TCP Remote Command Injection Vulnerability

CVE-2025-45526 – Microlight Denial of Service Vulnerability

Enable Flexible Pattern Matching with Laravel’s Case-Insensitive Str::is Method

Microsoft brings Copilot Notebooks to OneNote for enterprise users

APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures

CVE-2024-38648 – Ivanti DSM Decryption Secret Disclosure

Related Posts