Development

CVE ID : CVE-2025-53927

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the `shutil.copy2` method in Python to copy the command they want to execute into the executable directory. This bypasses the directory restrictions and enables a reverse shell. Version 2.0.0 fixes the issue.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53928

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue.

Severity: 4.6 | MEDIUM


CVE ID : CVE-2025-53941

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.

Severity: 6.1 | MEDIUM


CVE ID : CVE-2025-53946

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the `id_funcionario` parameter of the `/html/saude/profile_paciente.php` endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.4.5 fixes the issue.

Severity: 0.0 | NA


Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure

Researchers detected an active exploitation of CVE-2025-5777, dubbed CitrixBleed 2, nearly two weeks before a public proof-of-concept surfaced.
This memory overread vulnerability in Citrix NetScaler a …

Published Date:
Jul 17, 2025 (4 hours, 14 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-5777

Vulnerabilities in applications preloaded on Bluebird smartphones

CVE ID
CVE-2025-5344
Publication date
17 July 2025
Vendor
Bluebird
Product
com.bluebird.kiosk.launcher
Vulnerable versions
All before …

Published Date:
Jul 17, 2025 (3 hours, 29 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-5346

CVE-2025-5345

CVE-2025-5344

GhostContainer Malware Hacking Exchange Servers in the Wild Using N-day Vulnerability

A highly sophisticated malware campaign targeting Microsoft Exchange servers in government and high-tech organizations across Asia.
The malware, dubbed GhostContainer, exploits known N-day vulnerabili …

Published Date:
Jul 17, 2025 (2 hours, 38 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2020-0688

NetScaler shares Indicators of Compromise (IoCs) for CVE-2025-5777

NetScaler shares a number of Indicators of Compromise (IoCs) that may indicate that NetScaler appliances have been attacked via the vulnerability CVE-2025-5777. Administrators can search log files …

Published Date:
Jul 17, 2025 (1 hour, 50 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-5777

Symfony AI is a set of components that integrate AI capabilities into PHP applications. While these packages are still considered…