
9272 matches found

Packet Storm News
added 2025/08/21 12:0 a.m. · 1 views

Towards Scalable and Interpretable Mobile App Risk Analysis Via Large Language Models

Mobile application marketplaces are responsible for vetting apps to identify and mitigate security risks. Current vetting processes are labor-intensive, relying on manual analysis by security professionals aided by semi-automated tools. To address this inefficiency, we propose Mars, a system that...

AI score 6.9
Exploits 0
OSV
added 2025/08/20 10:52 a.m. · 1 views

MINI-GJ4P-56VW-2Q2J

Bulletin has no description...

CVSS 6.5 · AI score 5.8 · EPSS 0.00516
Exploits 0
Tenable Nessus
added 2025/08/20 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-2895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.19 and prior. Easily exploitable...

CVSS 4.9 · AI score 5.4 · EPSS 0.02491
Exploits 0 · References 2
UbuntuCve
added 2025/08/19 9:15 p.m. · 2 views

CVE-2025-54143

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...

CVSS 9.8 · AI score 5.8 · EPSS 0.00449
Exploits 0 · References 1
OSV
added 2025/08/19 7:33 p.m. · 2 views

SUSE-SU-2025:02922-1 Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002360 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)...

CVSS 7.8 · AI score 7.3 · EPSS 0.00192
Exploits 0 · References 6
RedhatCVE
added 2025/08/19 6:53 p.m. · 3 views

CVE-2025-38597

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Each window of a vop2 is usable by a specific set of video ports, so while binding the vop2, we look through the list of available windows trying to fin...

CVSS 5.5 · AI score 6.6 · EPSS 0.00143
Exploits 0 · References 4
Tenable Nessus
added 2025/08/19 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-47538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet...

CVSS 9.8 · AI score 7.8 · EPSS 0.01237
Exploits 0 · References 2
OSV
added 2025/08/18 5:33 p.m. · 2 views

SUSE-SU-2025:02858-1 Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-1507005 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351). -...

CVSS 7.8 · AI score 8.5 · EPSS 0.0025
Exploits 0 · References 16
ATTACKERKB
added 2025/08/16 10:55 a.m. · 3 views

CVE-2025-38518

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Disable INVLPGB on Zen2 AMD Cyan Skillfish Family 17h, Model 47h, Stepping 0h has an issue that causes system oopses and panics when performing TLB flush using INVLPGB. However, the problem is that that machine has...

CVSS 5.5 · AI score 5.8 · EPSS 0.00119
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2025/08/16 12:0 a.m. · 3 views

PT-2025-33561 · Amd +1 · Amd Cyan Skillfish +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue related to the handling of TLB flushes using INVLPGB on AMD Cyan Skillfish processors Family 17h, Model 47h, Stepping 0h. This can lead to system...

AI score 6 · EPSS 0.00119
Exploits 0 · References 5
OSV
added 2025/08/13 5:26 p.m. · 2 views

CVE-2025-5819 Incorrect Permission Assignment for Critical Resource in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...

CVSS 5 · AI score 6.3 · EPSS 0.00216
Exploits 0 · References 5
Circl
added 2025/08/13 5:25 a.m. · 3 views

CVE-2025-537267

creationtimestamp | type | source
---|---|---
2025-08-13 05:25:08+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2025-0251...

AI score 7.3
Exploits 0 · References 1
FreeBSD
added 2025/08/13 12:0 a.m. · 6 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE Cross-site scripting issue in labels impacts GitLab CE/EE Cross-site scripting issue in Workitem impacts GitLab CE/EE Improper Handling of Permissions issue in project API impacts GitLab CE/EE Incorrect Privilege...

CVSS 8.7 · AI score 6.9 · EPSS 0.00423
Exploits 0 · References 1
OSV
added 2025/08/12 2:12 p.m. · 2 views

MINI-F7RW-MW2G-5H9H

Bulletin has no description...

CVSS 7 · AI score 7.2 · EPSS 0.00331
Exploits 0
Circl
added 2025/08/12 8:14 a.m. · 6 views

CVE-2025-8418

creationtimestamp | type | source
---|---|---
2025-08-12 08:14:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lw6ujvkyea2e
2025-08-22 07:15:21+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/48628
2025-08-22 15:00:05+00:00 | published-proof-of-concept | ...

CVSS 8.8 · AI score 4.8 · EPSS 0.00548
Exploits 0 · References 2
Tenable Nessus
added 2025/08/12 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-4093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger...

CVSS 8.8 · AI score 6.7 · EPSS 0.00419
Exploits 1 · References 2
Vulnrichment
added 2025/08/11 6:36 p.m. · 1 views

CVE-2025-7679 Session ID Basic Auth Bypass

The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...

CVSS 9.2 · AI score 6.3 · EPSS 0.00416
Exploits 0 · References 1
Malwarebytes
added 2025/08/11 1:18 p.m. · 4 views

Online portal exposed car and personal data, allowed anyone to remotely unlock cars

A carmaker’s online dealership portal has been found leaking the private information and vehicle data of its customers. This also meant that anyone with access could remotely break into a car. Researcher Eaton Zveare shared his discovery with TechCrunch. Although he said he has chosen not to...

AI score 7.1
Exploits 0
BDU FSTEC
added 2025/08/11 12:0 a.m. · 6 views

The vulnerability of the application software of the Central Medical Information System of the State Health Information System (GIS SZ), related to the unencrypted storage of critical information, allows a perpetrator to disclose identification data.

The vulnerability of the application software of the Central Medical Information System of the State Health Information System (GIS SZ) is related to the unencrypted storage of critical information. Exploiting this vulnerability could allow a malicious actor to disclose identification data...

CVSS 7.8 · AI score 5.5
Exploits 0 · Affected Software 1
RedhatCVE
added 2025/08/10 4:29 p.m. · 12 views

CVE-2025-46414

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN i...

CVSS 9.2 · AI score 7.3 · EPSS 0.00327
Exploits 0 · References 1