ASUS has patched a high-severity local privilege escalation flaw (CVE-2025-59373) in MyASUS that allowed elevation to NT AUTHORITY/SYSTEM via the System Control Interface Service. Patch now shipped through Windows Update with updated versions for x64 and ARM.
#infosec #vulnerability #ASUS #WindowsSecurity #patchmanagement #CVE2025
Overview
- factionsecurity
- faction
Description
Statistics
- 2 Posts
- 2 Interactions
Fediverse
⚠️ CVE-2025-66022: Critical RCE in Faction (<1.7.1). Unauthenticated attackers can upload extensions, execute commands, and fully compromise systems. Patch to 1.7.1 now! https://radar.offseq.com/threat/cve-2025-66022-cwe-829-inclusion-of-functionality--623a9be1 #OffSeq #infosec #CVE202566022 #RCE
Overview
Description
Statistics
- 1 Post
- 11 Interactions
Fediverse
That's an avenue that I admit I hadn't thought to check before. Seems so simple though.
https://access.redhat.com/security/cve/CVE-2025-13601
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Overview
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
Accessibility and design
- Fake bold, fake italics and fake columns: what problems do they cause for accessibility?: "While it may seem tempting to style text with an online generator, it is above all a very good way to make your content inaccessible."
- https://www.jwz.org/doc : A collection of writing on technical topics
- CAPTCHAs are over : “Events will need to decide whether they want to protect against bots, or preserve high privacy standards. You will not be able to do both.”
- How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation : “o3 is not infallible. Far from it. There’s still a substantial chance it will generate nonsensical results and frustrate you. What is different, is that for the first time the chance of getting correct results is sufficiently high that it is worth your time and your effort to try to use it on real problems.”
- https://contribute.design : to help designers contribute to open source software development
- https://larobustesse.org : "As long as performance, the dogma of the war economy, goes uncriticised, nothing sustainable can come about."
#accessibilité #design #LLM #NotesHebdo #opensource #security
Overview
- Red Hat
- Red Hat Enterprise Linux 10
- libtiff
Description
Statistics
- 1 Post
- 4 Interactions
Fediverse
To be a little more specific about the problem I'm interested in solving, this is a potential building block for an image processing pipeline for ActivityPub software. Mastodon uses ImageMagick, which is an old and well tested image manipulation tool, but it's only as sandboxed as the Mastodon server itself. Any vulnerability in ImageMagick leaves an attacker in a position to do anything the Mastodon server can do. That's an uncomfortable place to be because image library compromise isn't an outlandish possibility. It has happened a lot (check out this recent libtiff CVE: https://nvd.nist.gov/vuln/detail/CVE-2025-9900). And I don't mean to say their developers are bad at what they do. Images are complex and this is a really hard problem!
Overview
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
Hey @Viss :
https://github.com/rayinaw/my-hub/blob/main/CVE-2025-63938/DISCLOSURE.md
Tinyproxy up to 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.
Overview
- DB Electronica Telecomunicazioni S.p.A.
- Mozart FM Transmitter
Description
Statistics
- 2 Posts
- 8 Interactions
Fediverse
🚨 CVE-2025-66257 (CRITICAL, CVSS 9.2): Mozart FM Transmitters (DB Electronica) allow unauthenticated file deletion via patch_contents.php. Segment networks, monitor traffic, restrict access—patch pending! More: https://radar.offseq.com/threat/cve-2025-66257-cwe-73-unauthenticated-arbitrary-fi-71769393 #OffSeq #Infosec #CVE202566257 #BroadcastSecurity
Go hack more radio shit.
https://www.abdulmhsblog.com/posts/webfmvulns/
- CVE-2025-66259: Authenticated Root RCE (main_ok.php)
- CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
- CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
- CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
- CVE-2025-66250: Unrestricted File Upload (Status)
- CVE-2025-66255: Unsigned Firmware Upload
- CVE-2025-66256: Unrestricted Patch Upload
- CVE-2025-66251: Path Traversal File Deletion
- CVE-2025-66254: Arbitrary File Deletion (Upgrade)
- CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
- CVE-2025-66260: SQL Injection
- CVE-2025-66258: Stored XSS via XML Injection
- CVE-2025-66257: Arbitrary Patch Deletion
- CVE-2025-66252: Infinite Loop Denial of Service
Overview
- DB Electronica Telecomunicazioni S.p.A.
- Mozart FM Transmitter
Description
Statistics
- 2 Posts
- 8 Interactions
Fediverse
🚨 CRITICAL (CVSS 9.9): DB Electronica Mozart FM Transmitters (30–7000) vulnerable to unauthenticated OS command injection (CVE-2025-66261) via restore_settings.php. Restrict access, enable WAF/IDS, and monitor now! https://radar.offseq.com/threat/cve-2025-66261-cwe-78-unauthenticated-os-command-i-e3fa977a #OffSeq #CVE202566261 #RCE #BroadcastSec
Overview
- DB Electronica Telecomunicazioni S.p.A.
- Mozart FM Transmitter
Description
Statistics
- 2 Posts
- 8 Interactions
Fediverse
🚨 CRITICAL: CVE-2025-66259 hits DB Mozart FM Transmitters (v30-7000) — improper input validation lets authenticated root users execute remote code. Broadcast ops at risk — restrict access & monitor for RCE. https://radar.offseq.com/threat/cve-2025-66259-cwe-20-improper-input-validation-in-9a138e69 #OffSeq #CVE202566259 #security #RCE