CVE-2025-27128 – OpenHarmony TCB Use After Free Arbitrary Code Execution

August 11, 2025

CVE ID : CVE-2025-27128

Published : Aug. 11, 2025, 4:15 a.m. | 20 hours, 7 minutes ago

Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-27577 – Apache OpenHarmony TCB Arbitrary Code Execution Vulnerability

Next Article CVE-2025-25278 – OpenHarmony TCB Race Condition Arbitrary Code Execution Vulnerability

Highlights

CVE-2025-3935 – ScreenConnect ASP.NET ViewState Code Injection Vulnerability

April 25, 2025

CVE ID : CVE-2025-3935

Published : April 25, 2025, 7:15 p.m. | 29 minutes ago

Description : ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys.
It is important to note that to obtain these machine keys, privileged system level access must be obtained.

If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server.

The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior. This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Windows 11 Media Creation Tool downloads fresh 24H2 update for clean install

June 29, 2025

Apple may have bigger fish to fry with OpenAI’s rumored ChatGPT Screenless phone — beyond President Trump’s stringent tariffs on the iPhone

April 14, 2025

CVE-2025-8753 – Linlinjava Litemall File Handler Path Traversal Vulnerability

August 9, 2025

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-27128 – OpenHarmony TCB Use After Free Arbitrary Code Execution

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

How to Transform JSON Data to Match Any Schema

Meta AI Introduces First Version of Its Llama 4-Powered AI App: A Standalone AI Assistant to Rival ChatGPT

Using CSS backdrop-filter for UI Effects

Apple Researchers Reveal Structural Failures in Large Reasoning Models Using Puzzle-Based Evaluation

CVE-2025-3935 – ScreenConnect ASP.NET ViewState Code Injection Vulnerability

Windows 11 Media Creation Tool downloads fresh 24H2 update for clean install

Apple may have bigger fish to fry with OpenAI’s rumored ChatGPT Screenless phone — beyond President Trump’s stringent tariffs on the iPhone

CVE-2025-8753 – Linlinjava Litemall File Handler Path Traversal Vulnerability

CVE-2025-27128 – OpenHarmony TCB Use After Free Arbitrary Code Execution

Related Posts