Security

CVE ID : CVE-2025-1713

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : When setting up interrupt remapping for legacy PCI(-X) devices,
including PCI(-X) bridges, a lookup of the upstream bridge is required.
This lookup, itself involving acquiring of a lock, is done in a context
where acquiring that lock is unsafe. This can lead to a deadlock.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40924

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely.

The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.

Predictable session ids could allow an attacker to gain access to systems.

Severity: 0.0 | NA

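As an added illustration (not Catalyst's code), the Python below models the recipe the advisory describes and shows why hashing low-entropy inputs does not help: an attacker who reads the epoch from the HTTP Date header and guesses the PID from a small range can brute-force the tuple behind a captured id. Two simplifying assumptions are made for the demo: the built-in rand is modelled as a non-cryptographic PRNG seeded from the epoch second (not Perl's actual seeding), and the stringified context is treated as known to the attacker. The secure alternative draws the id straight from the OS CSPRNG.

```python
import hashlib
import random
import secrets
from email.utils import parsedate_to_datetime

# Constructed placeholder for the stringified Catalyst context (assumption:
# treated as known/guessable by the attacker in this demo).
CONTEXT = "MyApp=HASH(0x55aa)"


def weak_session_id(counter: int, epoch: int, pid: int, context: str = CONTEXT) -> str:
    """Session id = SHA-1(counter . epoch . rand . pid . context).

    Hashing hides the inputs but adds no entropy: the id is exactly as
    guessable as the tuple (counter, epoch, rand-seed, pid) it came from.
    The PRNG seeded from the epoch second is the demo's model of a
    non-cryptographic rand, not Perl's real implementation.
    """
    rand_value = random.Random(epoch).random()
    material = f"{counter}{epoch}{rand_value}{pid}{context}"
    return hashlib.sha1(material.encode()).hexdigest()


def date_header_epoch(date_header: str) -> int:
    """The HTTP Date header leaks the server's clock to the second."""
    return int(parsedate_to_datetime(date_header).timestamp())


def recover_session_id(target_id: str, epoch_guess: int, window: int,
                       pid_candidates, counter_range, context: str = CONTEXT):
    """Brute-force the low-entropy tuple behind a captured session id.

    Returns (counter, epoch, pid) on success, None otherwise. The search
    space is (2*window+1) * |pids| * |counters|, nowhere near the 2^160
    that the SHA-1 output length suggests.
    """
    for epoch in range(epoch_guess - window, epoch_guess + window + 1):
        rand_value = random.Random(epoch).random()   # same PRNG, same seed
        for pid in pid_candidates:
            for counter in counter_range:
                material = f"{counter}{epoch}{rand_value}{pid}{context}"
                if hashlib.sha1(material.encode()).hexdigest() == target_id:
                    return counter, epoch, pid
    return None


def secure_session_id(nbytes: int = 32) -> str:
    """What the fix needs: bytes from the OS CSPRNG, derived from no
    guessable state. 32 bytes = 256 bits, beyond any brute-force budget."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    # Constructed scenario: the attacker saw this Date header and guesses
    # the worker PID lies in a 100-wide range.
    epoch = date_header_epoch("Thu, 17 Jul 2025 14:15:00 GMT")
    victim = weak_session_id(counter=17, epoch=epoch, pid=4242)
    print("captured id:", victim)
    print("recovered  :", recover_session_id(victim, epoch, window=3,
                                             pid_candidates=range(4200, 4300),
                                             counter_range=range(0, 100)))
    print("secure id  :", secure_session_id())
```

The recovery loop is the check to run against your own session-id scheme: if you can enumerate the inputs, the hash on top is decoration.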

CVE ID : CVE-2025-51630

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules.

Severity: 0.0 | NA


CVE ID : CVE-2025-53909

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows template expressions that may be abused to execute code in certain contexts. The issue requires admin-level access to mailcow UI to configure templates, which are automatically rendered during normal system operation. Version 2025-07 contains a patch for the issue.

Severity: 9.1 | CRITICAL


CVE ID : CVE-2025-53927

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the `shutil.copy2` method in Python to copy the command they want to execute into the executable directory. This bypasses the directory restriction and allows a reverse shell. Version 2.0.0 fixes the issue.

Severity: 4.6 | MEDIUM

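An added Python model (not MaxKB's code) of the design flaw the advisory describes: a policy that permits execution solely on the basis of where a file lives, beside a policy that also checks what the file is. Directory names, file names and the allowlist are constructed for the example; the copy step shows why `shutil.copy2` is the natural tool for the bypass, since it preserves mode bits and so keeps the payload executable.

```python
import hashlib
import os
import shutil
import stat
import tempfile


def sha256_of(path: str) -> str:
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def naive_may_execute(path: str, exec_dir: str) -> bool:
    """Weak policy: 'is the file inside the executable directory?' and
    nothing else. Any file that can be copied into that directory becomes
    runnable, which is the bypass the advisory describes."""
    real_path = os.path.realpath(path)
    real_dir = os.path.realpath(exec_dir)
    return os.path.commonpath([real_path, real_dir]) == real_dir


def hardened_may_execute(path: str, exec_dir: str, allowlist: dict) -> bool:
    """Location plus identity: the file's SHA-256 must match the allowlisted
    digest for that name, so a planted file is refused even though it sits
    in the right place. In production the directory must also be unwritable
    by the sandboxed user; that check is omitted so the demo runs as any user."""
    if not naive_may_execute(path, exec_dir):
        return False
    return allowlist.get(os.path.basename(path)) == sha256_of(path)


def demo() -> dict:
    """Build a constructed sandbox layout in a temp dir, plant a payload
    with copy2, and evaluate both policies. Returns the verdicts."""
    root = tempfile.mkdtemp(prefix="sandbox-demo-")
    exec_dir = os.path.join(root, "bin")      # the only place execution is allowed
    work_dir = os.path.join(root, "work")     # attacker-writable scratch space
    os.makedirs(exec_dir)
    os.makedirs(work_dir)

    # Legitimate tool: shipped in the exec dir and recorded in the allowlist.
    tool = os.path.join(exec_dir, "tool.sh")
    with open(tool, "w") as fh:
        fh.write("#!/bin/sh\necho ok\n")
    os.chmod(tool, 0o755)
    allowlist = {"tool.sh": sha256_of(tool)}

    # Attacker-controlled file outside the exec dir (constructed payload).
    payload = os.path.join(work_dir, "payload.sh")
    with open(payload, "w") as fh:
        fh.write("#!/bin/sh\n# attacker command would go here\n")
    os.chmod(payload, 0o755)

    # The bypass: copy2 moves the payload into the trusted location and
    # copies its metadata, so the executable bit survives the copy.
    planted = shutil.copy2(payload, exec_dir)

    results = {
        "payload_outside_naive": naive_may_execute(payload, exec_dir),
        "planted_naive": naive_may_execute(planted, exec_dir),
        "planted_is_executable": bool(os.stat(planted).st_mode & stat.S_IXUSR),
        "planted_hardened": hardened_may_execute(planted, exec_dir, allowlist),
        "tool_hardened": hardened_may_execute(tool, exec_dir, allowlist),
    }
    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {verdict}")
```

The point of the hardened check is that "where" is not a trust boundary when the sandboxed code can write to that location; identity of the binary (or a directory the sandbox cannot write) has to be part of the rule.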

CVE ID : CVE-2025-53928

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue.

Severity: 4.6 | MEDIUM


CVE ID : CVE-2025-53941

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.

Severity: 6.1 | MEDIUM


CVE ID : CVE-2025-53946

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the `id_funcionario` parameter of the `/html/saude/profile_paciente.php` endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.4.5 fixes the issue.

Severity: 0.0 | NA

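An added, constructed Python/sqlite3 model of the pattern behind this advisory (schema, data and function names are invented; this is not WeGIA's code): a numeric request parameter interpolated into the query text lets a UNION payload read table names from the schema catalogue, which is exactly the "table names" the description mentions, while the fixed version validates the type and binds the value so the query shape cannot change.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory schema standing in for the application database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE funcionario (id INTEGER PRIMARY KEY, nome TEXT, cargo TEXT);
        CREATE TABLE usuario_secreto (id INTEGER PRIMARY KEY, login TEXT, senha_hash TEXT);
        INSERT INTO funcionario VALUES (1, 'Ana', 'enfermeira'), (2, 'Bruno', 'medico');
        INSERT INTO usuario_secreto VALUES (1, 'admin', 'sha256$constructed');
    """)
    return conn


def profile_vulnerable(conn: sqlite3.Connection, id_funcionario: str):
    """String concatenation: the request parameter becomes part of the SQL
    text, so '0 UNION SELECT ...' rewrites the query instead of filtering it."""
    sql = "SELECT nome, cargo FROM funcionario WHERE id = " + id_funcionario
    return conn.execute(sql).fetchall()


def profile_fixed(conn: sqlite3.Connection, id_funcionario: str):
    """Validate the expected type, then bind the value as a parameter.
    Binding keeps the value out of the query text entirely; the isdigit()
    check is belt-and-braces for an id that should only ever be an integer."""
    if not id_funcionario.isdigit():
        raise ValueError("id_funcionario must be a positive integer")
    return conn.execute(
        "SELECT nome, cargo FROM funcionario WHERE id = ?",
        (int(id_funcionario),),
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Payloads are constructed against the toy schema; sqlite_master is
    # SQLite's catalogue, the counterpart of information_schema elsewhere.
    schema_leak = "0 UNION SELECT name, sql FROM sqlite_master"
    cred_leak = "0 UNION SELECT login, senha_hash FROM usuario_secreto"
    print("normal     :", profile_vulnerable(conn, "1"))
    print("table names:", profile_vulnerable(conn, schema_leak))
    print("credentials:", profile_vulnerable(conn, cred_leak))
    try:
        profile_fixed(conn, schema_leak)
    except ValueError as exc:
        print("fixed      : rejected ->", exc)
```

The same two-column UNION trick is what a tester reaches for first against an endpoint like the one named in the advisory; the fix is the bound parameter, not a blocklist of keywords.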

Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure

Researchers detected active exploitation of CVE-2025-5777, dubbed CitrixBleed 2, nearly two weeks before a public proof-of-concept surfaced.
This memory overread vulnerability in Citrix NetScaler a …

Published Date:
Jul 17, 2025 (4 hours, 14 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-5777

Vulnerabilities in applications preloaded on Bluebird smartphones

CVE ID : CVE-2025-5344
Publication date : 17 July 2025
Vendor : Bluebird
Product : com.bluebird.kiosk.launcher
Vulnerable versions : All before …

Published Date:
Jul 17, 2025 (3 hours, 29 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-5346

CVE-2025-5345

CVE-2025-5344

GhostContainer Malware Hacking Exchange Servers in the Wild Using N-day Vulnerability

A highly sophisticated malware campaign is targeting Microsoft Exchange servers in government and high-tech organizations across Asia.
The malware, dubbed GhostContainer, exploits known N-day vulnerabili …

Published Date:
Jul 17, 2025 (2 hours, 38 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2020-0688

NetScaler shares Indicators of Compromise (IoCs) for CVE-2025-5777

NetScaler has shared a number of Indicators of Compromise (IoCs) that may indicate that NetScaler appliances have been attacked via the CVE-2025-5777 vulnerability. Administrators can search log files for …

Published Date:
Jul 17, 2025 (1 hour, 50 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-5777

CVE ID : CVE-2025-4302

Published : July 17, 2025, 8:15 a.m. | 2 hours, 9 minutes ago

Description : The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.

Severity: 0.0 | NA

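Added example, not the plugin's code: a literal prefix filter that a percent-encoded path slips past, beside a filter that canonicalises the route before comparing. The hardened version decodes until the string stops changing (which also covers double encoding), normalises the path, and folds in WordPress's `?rest_route=` entry point, which serves the same REST routes when pretty permalinks are off. The route constant and the sample URIs are constructed for the demo.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

BLOCKED_ROUTE = "/wp-json/wp/v2/users"


def blocked_naive(request_uri: str) -> bool:
    """Literal prefix match on the raw request path: what a filter that
    skips decoding looks like. '/wp-json/wp/v2/%75sers/' does not match
    even though the server will route it to the users endpoint."""
    return urlsplit(request_uri).path.startswith(BLOCKED_ROUTE)


def canonical_rest_path(request_uri: str) -> str:
    """Reduce a request URI to the REST route it will actually reach.

    - ?rest_route=<route> is WordPress's alternative REST entry point, so
      it is folded into the /wp-json/<route> path form;
    - percent-decoding repeats until a fixed point, defeating double
      encoding (%2575 -> %75 -> u);
    - normpath collapses '.', '..' and repeated or trailing slashes;
    - the result is lower-cased: for a block rule, over-matching is the
      safe direction.
    """
    parts = urlsplit(request_uri)
    path = parts.path
    rest_route = parse_qs(parts.query).get("rest_route")
    if rest_route:
        path = "/wp-json/" + rest_route[0].lstrip("/")
    previous = None
    while previous != path:
        previous, path = path, unquote(path)
    path = posixpath.normpath("/" + path.lstrip("/"))
    return path.lower()


def blocked_hardened(request_uri: str) -> bool:
    """Compare on the canonical route, and only on whole path segments so
    that '/users' does not accidentally match '/usersx'."""
    path = canonical_rest_path(request_uri)
    return path == BLOCKED_ROUTE or path.startswith(BLOCKED_ROUTE + "/")


if __name__ == "__main__":
    # Constructed sample requests exercising each normalisation step.
    for uri in ["/wp-json/wp/v2/users/", "/wp-json/wp/v2/%75sers/",
                "/wp-json/wp/v2/%2575sers", "/?rest_route=/wp/v2/users",
                "/wp-json/wp/v2/../v2/users", "/wp-json/wp/v2/posts"]:
        print(f"{uri:32} naive={blocked_naive(uri)!s:5} hardened={blocked_hardened(uri)}")
```

The general lesson is that a deny rule must be applied to the same representation the application dispatches on; any decoding the framework does after the filter runs is a bypass waiting to be found.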

Google’s Big Sleep AI Foils Live Zero-Day Exploit in SQLite (CVE-2025-6965)

In a demonstration of artificial intelligence applied to cybersecurity, Google has revealed that its AI agent, Big Sleep, has successfully identified and neutralized a critical vulnerability before it …

Published Date:
Jul 17, 2025 (10 hours, 22 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-6965

NVIDIA Plugs Critical Flaws in Container Toolkit and GPU Operator: CVE-2025-23266 & CVE-2025-23267

NVIDIA has released a critical security update for its Container Toolkit and GPU Operator, patching two high-impact vulnerabilities—CVE-2025-23266 and CVE-2025-23267—that could allow attackers to gain …

Published Date:
Jul 17, 2025 (10 hours, 11 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-23266

CVE-2025-23267

Microsoft Unveils RedirectionGuard: A New Windows 11 Defense Against Privilege Escalation Attacks

As attackers continue to evolve their tactics, Microsoft is taking bold strides to neutralize entire classes of vulnerabilities, not just patching individual CVEs. In its recent blog post, the tech …

Published Date:
Jul 17, 2025 (10 hours, 5 minutes ago)
