Development

CVE ID : CVE-2025-34128

Published : July 16, 2025, 10:15 p.m. | 4 hours, 47 minutes ago

Description : A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-34129

Published : July 16, 2025, 10:15 p.m. | 4 hours, 47 minutes ago

Description : A command injection vulnerability exists in LILIN LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-34130

Published : July 16, 2025, 10:15 p.m. | 4 hours, 47 minutes ago

Description : An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to facilitate further attacks including command injection. The vulnerability has been exploited in the wild in conjunction with other issues by botnets like FBot and Moobot.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-34132

Published : July 16, 2025, 10:15 p.m. | 4 hours, 47 minutes ago

Description : A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary commands as root by supplying specially crafted XML data to the DVRPOST interface. 777

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-34127

Published : July 16, 2025, 10:15 p.m. | 4 hours, 47 minutes ago

Description : A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-34125

Published : July 16, 2025, 10:15 p.m. | 4 hours, 47 minutes ago

Description : An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-12498

Published : July 16, 2025, 11:15 p.m. | 3 hours, 47 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7728

Published : July 17, 2025, 2:15 a.m. | 47 minutes ago

Description : A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5396

Published : July 17, 2025, 2:15 a.m. | 47 minutes ago

Description : The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_ajax_handle() function not having a capability check, nor validating user supplied input passed directly to call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leverage to inject backdoors or create new administrative user accounts to name a few things. On WordPress sites running the Alone theme versions 7.8.4 and older, this can be chained with CVE-2025-5394 to install the Bears Backup plugin and achieve the same impact.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7729

Published : July 17, 2025, 2:15 a.m. | 47 minutes ago

Description : A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Jul 16, 2025Ravie LakshmananBrowser Security / Zero-Day
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wil …
Read more

Published Date:
Jul 16, 2025 (18 hours, 6 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-6558

CVE-2025-3648

CVE-2025-6554

CVE-2025-5419

CVE-2025-4664

CVE-2025-2783

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit

Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat …
Read more

Published Date:
Jul 16, 2025 (10 hours, 26 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32819

CVE-2024-38475

CVE-2023-44221

CVE-2021-20039

CVE-2021-20035

Google finds custom backdoor being installed on SonicWall network devices

Researchers from the Google Threat Intelligence Group said that hackers are compromising SonicWall Secure Mobile Access (SMA) appliances, which sit at the edge of enterprise networks and manage and se …
Read more

Published Date:
Jul 16, 2025 (6 hours, 49 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32819

CVE-2024-38475

CVE-2021-20039

CVE-2021-20038

CVE-2021-20035

The world of open-source development comes with various cyber threats. GitHub is still facing a type of attack that is…

So, you’re working with Django, you’ve run a migration, and now something’s broken. Maybe you added a field that shouldn’t…

Imagine a future where artificial intelligence quietly shoulders the drudgery of software development: refactoring tangled code, migrating legacy systems, and…

This post was written with Ilan Geller, Kamal Mannar, Debasmita Ghosh, and Nakul Aggarwal of Accenture. Video highlights offer a…

When you’re building a web app or API that needs to respond quickly, caching is often the secret sauce. Without…

Contributing to open source sounds fun until life gets in the way. You get busy, you forget or you don’t…

In open source communities, we often discuss contribution guidelines, codes of conduct, and onboarding new contributors. But one thing we…