Development

CVE ID : CVE-2025-7749

Published : July 17, 2025, 6:15 p.m. | 21 minutes ago

Description : A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /admin/getmanagerregion.php. The manipulation of the argument city leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

When you talk to an AI assistant, it can feel like it remembers what you said before. But large language…

The “Notes Android App Using SQLite” is a mobile application developed for Android devices with the primary goal of providing…

unsupported Node.js versions leave your applications vulnerable to security risks, performance issues, and compliance violations. Source: Read More 

We introduce two multilingual, multimodal foundation language models that power Apple Intelligence features across Apple devices and services: (i) a…

NVIDIA Container Toolkit Vulnerability Allows Elevated Arbitrary Code Execution

NVIDIA has released critical security updates addressing two significant vulnerabilities in its Container Toolkit and GPU Operator that could allow attackers to execute arbitrary code with elevated pe …
Read more

Published Date:
Jul 17, 2025 (5 hours, 26 minutes ago)

Vulnerabilities has been mentioned in this article.

NVIDIA Container Toolkit Vulnerabilities

July 17, 2025Executive SummaryIn July 2025, NVIDIA disclosed two serious vulnerabilities impacting its Container Toolkit and GPU Operator components. These issues affect systems running GPU workloads …
Read more

Published Date:
Jul 17, 2025 (2 hours, 47 minutes ago)

Vulnerabilities has been mentioned in this article.

Max severity Cisco ISE bug allows pre-auth command execution, patch now

A critical vulnerability (CVE-2025-20337) in Cisco’s Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root pr …
Read more

Published Date:
Jul 17, 2025 (2 hours, 31 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-20337

CVE-2025-20288

CVE-2025-20285

CVE-2025-20284

CVE-2025-20283

CVE-2025-20274

CVE-2025-20272

CVE-2025-20282

CVE-2025-20281

Chinese hackers breached National Guard to steal network configurations

The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and …
Read more

Published Date:
Jul 17, 2025 (2 hours, 22 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-3400

CVE-2023-20273

CVE-2023-20198

CVE-2018-0171

Tinkerwell v5 adds an MCP server, inline AI code completion, AI chat, a refreshed UI and much more! The post…

Tinkerwell v5 adds an MCP server, inline AI code completion, AI chat, a refreshed UI and much more! The post…

CVE ID : CVE-2025-3415

Published : July 17, 2025, 11:15 a.m. | 3 hours, 16 minutes ago

Description : Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission.
Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52933

Published : July 17, 2025, 1:15 p.m. | 1 hour, 16 minutes ago

Description : Rejected reason: 3rd party vulnerability

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5344

Published : July 17, 2025, 1:15 p.m. | 1 hour, 16 minutes ago

Description : Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider “com.bluebird.kiosk.launcher.IpartnerKioskRemoteService”. A local attacker can bind to the AIDL-type service to modify device’s global settings and wallpaper image.

This issue affects all versions before 1.1.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5345

Published : July 17, 2025, 1:15 p.m. | 1 hour, 16 minutes ago

Description : Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider “com.bluebird.system.koreanpost.IsdcardRemoteService”. A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device’s storage with system-level permissions.

Version 1.4.4 is vulnerable, vendor reverted vulnerable versions to older version: 1.3.6

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5346

Published : July 17, 2025, 1:15 p.m. | 1 hour, 16 minutes ago

Description : Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver “kr.co.bluebird.android.bbsettings.BootReceiver”. A local attacker can call the receiver to overwrite file containing “.json” keyword with default barcode config file. It is possible to overwrite file in any location due to lack of protection against path traversal in name of the file.

This issue affects all versions before 1.3.3.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1713

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : When setting up interrupt remapping for legacy PCI(-X) devices,
including PCI(-X) bridges, a lookup of the upstream bridge is required.
This lookup, itself involving acquiring of a lock, is done in a context
where acquiring that lock is unsafe. This can lead to a deadlock.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-40924

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely.

The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.

Predicable session ids could allow an attacker to gain access to systems.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-51630

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53909

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows template expressions that may be abused to execute code in certain contexts. The issue requires admin-level access to mailcow UI to configure templates, which are automatically rendered during normal system operation. Version 2025-07 contains a patch for the issue.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…