Overview
Description
Statistics
- 2 Posts
Fediverse
Overview
- Ivanti
- Endpoint Manager
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
Ivanti has released software updates to address a critical vulnerability in its Endpoint Manager software.
Vulnerability:
CVE-2025-10573 - cross-site scripting
Impact: Allows an attacker to remotely execute code without authentication
Remediation: Apply patch ASAP
Overview
- Apache Software Foundation
- Apache Tika PDF parser module
- org.apache.tika:tika-parser-pdf-module
Description
Statistics
- 1 Post
- 39 Interactions
Fediverse
On Apache Tika vulnerability CVE-2025-66516
- The fix was released in August.
- It's the same vulnerability as CVE-2025-54988 from August; they just issued a new CVE (which they probably shouldn't have) as they filed the scope wrong.
- It doesn't provide RCE. You can read local files with it as the Java user, e.g. /etc/passwd.
- Exploitation requires knowing a specific endpoint which processes PDFs to be vulnerable (so exploitation would be tailored).
It's not one to panic over.
Overview
- Apache Software Foundation
- Apache Tika core
- org.apache.tika:tika-core
Description
Statistics
- 1 Post
- 39 Interactions
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
Google seals critical Chrome flaw (CVE-2025-9478) under attack: "use-after-free" bug in WebGL lets hackers run code via rigged pages. Update to v139.0.7258.154+ NOW! 🔒💻 https://www.heise.de/en/news/Chrome-update-closes-attacked-security-vulnerability-11111225.html #ChromeUpdate #CyberSecurity
#Newz
Overview
Description
Statistics
- 1 Post
- 2 Interactions
Overview
- Apache Software Foundation
- Apache Airflow
- apache-airflow
Description
Statistics
- 1 Post
- 1 Interaction
Overview
- notepad-plus-plus
- notepad-plus-plus
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
If you use PDQ, the Notepad++ 8.8.9 auto upgrade package is now available, but may require manual updates to your existing jobs to point to it. Patch that #0day if you haven't already. CVE-2025-49144
Overview
Description
Statistics
- 1 Post
Overview
- Red Hat
- Red Hat Enterprise Linux 10
- libsoup3
Description
Statistics
- 1 Post