Latest Security News

Security Updates

Latest security news and articles covering recent vulnerabilities and their impacts.

For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on Windows and Windows Server (CVE-2025-47981). CVE-2025-49719 and CVE-2025-49717, in Microso…
A Helm contributor discovered that a specially crafted `Chart.yaml` file along with a specially linked `Chart.lock` file can lead to local code execution when dependencies are updated. ### Impac...
Article URL: https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 Comments URL: https://news.ycombinator.com/item?id=44502330 Points: 3 # Comments: 0
Multiple vulnerabilities fixed in Git
2025-07-08 17:11 Seclists.org 1 CVE
Posted by Taylor Blau on Jul 08 The Git project released new versions of Git today, July 8, 2025, addressing multiple security vulnerabilities. Those vulnerabilities are: CVE-2025-27613, CVE-2025-27614, CVE-2025-46334, CVE-2025-46835, CVE-2025-48384, CVE-2025-…
With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix NetScaler ADC and/or Gateway instances have been probed and compromised by attackers. Citrix…
Posted by Xen.org security team on Jul 08 Xen Security Advisory CVE-2024-36350,CVE-2024-36357 / XSA-471 x86: Transitive Scheduler Attacks ISSUE DESCRIPTION ================= Researchers from Microsoft and ETH Zurich have discovered several new speculati…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is as follows - CVE-2014-3931 (CV…
Zimbra Multiple Vulnerabilities
2025-07-08 01:00 Hkcert.org 1 CVE
Multiple vulnerabilities were identified in Zimbra. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and cross-site scripting on the targeted system. Note: CVE-2019-9621 is being …
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. [...]
NetScaler vendor issued a patch but otherwise, stony silence Multiple exploits are circulating for CVE-2025-5777, a critical bug in Citrix NetScaler ADC and NetScaler Gateway dubbed CitrixBleed 2, and security analysts are warning a "significant portion" of u…
Anthropic has had an eventful couple weeks, and we have two separate write-ups to cover. The first is a vulnerability in the Anthropic MCP Inspector, CVE-2025-49596. We’ve talked a bit …read more
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2014-3931 Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability CVE-2016-10033 PHPMailer Co…
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) If you haven’t recently updated the Sudo utility on your Linux box(es), yo…
DSA-5958-1 jpeg-xl - security update
2025-07-04 00:00 Debian.org 1 CVE
Multiple vulnerabilities are discovered in jpeg-xl, the JPEG XL ("JXL") image coding library, including out of bounds read/write and stack based buffer overflow, which may cause excessive memory usage and denial of service attacks. CVE-2023-0645 Specifical…
DjVuLibre has a vulnerability that could enable an attacker to gain code execution on a Linux Desktop system when the user tries to open a crafted document. The post CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre appeared first on The GitHub …
Posted by Kevin Backhouse on Jul 03 DjVuLibre version 3.5.29 was released today. It fixes CVE-2025-53367 (GHSL-2025-055), an out-of-bounds write in the MMRDecoder::scanruns method. The vulnerability could be exploited to gain code execution on a Linux Desktop …
Discover details about CVE-2025-29306, a critical RCE vulnerability in FoxCMS 1.2.5. Learn how unsafe use of PHP's unserialize() function enables remote attackers to execute arbitrary system commands. The post CVE-2025-29306 – Unauthenticated Remote Code Exec…
RondoDox Unveiled: Breaking Down a New Botnet Threat
2025-07-03 13:00 Fortinet.com 2 CVEs
FortiGuard Labs analyzes RondoDox, a stealthy new botnet targeting TBK DVRs and Four-Faith routers via CVE-2024-3721 and CVE-2024-12856. Learn how it evades detection, establishes persistence, and mimics gaming and VPN traffic to launch DDoS attacks.
Chromium's latest release addressed new vulnerabilities. Security updates have been released for Opera - get the latest versions now.