Linux Distros Unpatched Vulnerability : CVE-2024-8250

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file CVE-2024-8250 Note...

HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands

Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. "A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims t...

Linux Distros Unpatched Vulnerability : CVE-2021-45104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs...

Training Language Model Agents to Find Vulnerabilities with CTF-Dojo

Large language models LLMs have demonstrated exceptional capabilities when trained within executable runtime environments, notably excelling at software engineering tasks through verified feedback loops. Yet, scalable and generalizable execution-grounded environments remain scarce, limiting...

Linux Distros Unpatched Vulnerability : CVE-2019-8381

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in dochecksum in checksum.c. It can be triggered by sending a crafted pcap file to t...

CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...

CVE-2025-9100

A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The...

CVE-2025-9100

A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The...

CVE-2025-9100

A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The...

CVE-2025-9100 zhenfeng13 My-Blog Frontend Blog Article Comment comment authentication replay

A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The...

CVE-2025-9100 zhenfeng13 My-Blog Frontend Blog Article Comment comment authentication replay

A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The...

CVE-2025-9100

CVE-2025-9100 affects zhenfeng13 My-Blog 1.0.0, specifically the Frontend Blog Article Comment Handler in /blog/comment. The vulnerability allows authentication bypass via capture-replay and can be exploited remotely; public exploit information is available. Connected data indicate a PROOF-OF-CON...

Linux Distros Unpatched Vulnerability : CVE-2021-39923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...

PT-2025-33629 · Zhenfeng13 · Myblog

Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog version 1.0.0 Description: A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The...

Linux Distros Unpatched Vulnerability : CVE-2025-38226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: vivid: Change the siize of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpgfillplanepattern...

Malicious code in cam-capture (npm)

The package cam-capture was found to contain malicious code...

MAL-2025-16470 Malicious code in cam-capture (npm)

The package cam-capture was found to contain malicious code...

New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits

Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication NFC to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil. "PhantomCard relays NFC data from a victim's banking card t...

Linux Distros Unpatched Vulnerability : CVE-2023-52981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/i915: Fix request ref counting during error capture & debugfs dump When GuC support was added to error capture, the reference counting around the request...

CVE-2025-54871

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRONRUNASNODE. This environment variable allows arbitrary Node.js code to be...