Websites with an undefined trust level: avoiding the trap
Executive summary: A suspicious website is a web resource that cannot be definitively classified as phishing, but whose activities are unsafe. Such sites manipulate users, tricking them into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosin...
PT-2026-29010
Name of the Vulnerable Software and Affected Versions: Core FTP/SFTP Server version 1.2. Description: Core FTP/SFTP Server version 1.2 contains a buffer overflow issue that allows attackers to disrupt the service by providing a long string in the User domain field. Attackers can insert a malicious...
CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
Security update for libvirt
This update for libvirt fixes the following issues: Security fixes: CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Other fixes: libvirt-supportconfig: Add support for...
Exploit for Missing Authorization in Givewp
CVE-2025-2025-52691-SmarterMail-Exp Environment Setup S...
SUSE-SU-2026:0080-1 Security update for libvirt
This update for libvirt fixes the following issues: Security fixes: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Other fixes: - libvirt-supportconfig: Add support...
CVE-2025-11437
A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...
CVE-2025-11437 JhumanJ OpnForm Form Editor forms cross site scripting
A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...
CVE-2025-11437
CVE-2025-11437 affects JhumanJ OpnForm ≤1.9.3, specifically the Form Editor’s /api/open/forms component. The issue enables cross-site scripting via that file, with remote initiation possible. Exploitation has been published and may be used in the wild. The vendor states the vulnerable feature is ...
PT-2025-41231
Name of the Vulnerable Software and Affected Versions: JhumanJ OpnForm versions up to 1.9.3. Description: A flaw exists in JhumanJ OpnForm up to version 1.9.3, specifically within the Form Editor component. This issue involves manipulation of the /api/open/forms/ file, leading to cross site scriptin...
EUVD-2020-6453
Malware in sbrugna...
CVE-2024-8039
Improper permission configurationDomain configuration vulnerability of the mobile application com.afmobi.boomplayer can lead to account takeover risks...
DEBIAN-CVE-2024-56580
In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: fix error path on configuration of power domains. There is a chance to meet runtime issues during configuration of CAMSS power domains, because on the error path dev_pm_domain_detach() is unexpectedly called with NU...
CVE-2024-56580
In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: fix error path on configuration of power domains. There is a chance to meet runtime issues during configuration of CAMSS power domains, because on the error path dev_pm_domain_detach() is unexpectedly called with NU...
keycloak: Authorization Bypass
A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic...