HN Reader

Ask HN: Why does the US Visa application website do a port-scan of my network?

488 points by mbix77 20h ago 224 comments

Ask HN: Where are the best online gathering places for humans?

3 points by jMyles 3h ago 1 comments

Dagger and opencode and agnostic agents and SSH app = most portable dev kit

9 points by epuerta99 9h ago 2 comments

Tell HN: Somebody please make a faster task management system

5 points by pinkmuffinere 8h ago 4 comments

Warp sends a terminal session to LLM without user consent

88 points by ykurtov 1d ago 31 comments

Ask HN: How do you get your devs to understand your customers?

10 points by ghiculescu 19h ago 19 comments

What services or apps did you see abroad and wonder: why don't we have them?

39 points by ekusiadadus 1d ago 79 comments

AI might worsen diagnostics for physicians

14 points by BumperMike 20h ago 9 comments

Ask HN: What to do with a pure mathematics degree?

2 points by mareoclasico 15h ago 15 comments

Ask HN: How can I use AlarmKit at expo/React Native?

3 points by tntpreneur 19h ago 0 comments

When to Open Source

6 points by abdospices 19h ago 3 comments

VC-backed company just killed my EU trademark for a small OSS project

850 points by marcjschmidt 8d ago 248 comments

Can someone review my Laravel code?

4 points by junebuggerz 1d ago 9 comments

F-Droid build servers can't build modern Android apps due to outdated CPUs

441 points by nativeforks 7d ago 297 comments

Ask HN: Do you still bookmark websites?

78 points by indus 4d ago 129 comments

Ask HN: Are we allowed to discuss Israel on HN?

20 points by Jimmc414 1d ago 16 comments

Ask HN: SaaS Bookkeeping and Accounting

7 points by sp3ktrum 2d ago 7 comments

Ask HN: Tell me about the best programmer you worked with

51 points by jvanderbot 4d ago 26 comments

Ask HN: Are there any good educational computers for children that aren't toys?

4 points by laianav 1d ago 3 comments

Ask HN: How can ChatGPT serve 700M users when I can't run one GPT-4 locally?

572 points by superasn 12d ago 364 comments

Ask HN: Imagine coding LLM's 1M times faster; what uses might there be?

4 points by wewewedxfgdf 19h ago 4 comments

Ask HN: Has there been an increase in online censorship due to AI search's rise?

8 points by thisislife2 1d ago 3 comments

My First $500 MRR – My thoughts and learnings

42 points by adrianobbe 3d ago 22 comments

Ask HN: Founding Engineer/CTO (equity) for music rights/data infra (UK/US)

4 points by Ritwq 1d ago 1 comments

AI Is Not a Dev

4 points by tudorizer 1d ago 20 comments

Ask HN: How do you tune your personality to get better at interviews?

65 points by _swfb 6d ago 119 comments

Riff.nvim: Play YouTube music inside Neovim

6 points by Rits1272 1d ago 1 comments

CVE-2025-54988: Apache Tika XXE vulnerability

1 yakovsh2 1 8/20/2025, 8:24:56 PM lists.apache.org ↗

Comments (1)

yakovsh2 · 5h ago
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard.

Users are recommended to upgrade to version 3.2.2, which fixes this issue.