11900 matches found

CVE
added 2025/10/27 12:0 a.m., 10 views

CVE-2025-60791

CVE-2025-60791 affects Easywork Enterprise 2.1.3.354. The vulnerability is Cleartext Storage of Sensitive Information in Memory, where device-bound license keys remain in process memory after a failed activation. An attacker with local access can attach a debugger or dump memory to retrieve keys ...

6.2 CVSS, 6.5 AI score, 0.00011 EPSS
Exploits: 1, References: 2

Cvelist
added 2025/10/27 12:0 a.m., 4 views

CVE-2025-60791

Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump an...

0.00011 EPSS
Exploits: 1, References: 2

SUSE CVE
added 2025/10/24 11:23 p.m., 1 view

SUSE CVE-2025-58149

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...

6.5 CVSS, 6.5 AI score, 0.00054 EPSS
Exploits: 0, References: 9

SUSE CVE
added 2025/10/24 11:23 p.m., 2 views

SUSE CVE-2025-59163

vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE...

2.1 CVSS, 6.8 AI score, 0.00185 EPSS
Exploits: 0, References: 2

NCSC
added 2025/10/24 11:9 a.m., 17 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Circumvention of a security measure - Manipulation of data - Execution of arbitrary code user privilege...

9.9 CVSS, 7.2 AI score, 0.72697 EPSS
Exploits: 32, References: 1

OSSF Malicious Packages
added 2025/10/24 3:0 a.m., 1 view

Malicious code in baidu-tims (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8df1a41ee221825ba6e320bbed60cefc43c2254a86e89ff493988c7b5ee8ad3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

Microsoft CVE
added 2025/10/24 1:2 a.m., 3 views

KVM: VMX: Prevent RSB underflow before vmenter

...

5.5 CVSS, 8.7 AI score, 0.00015 EPSS
Exploits: 0

Microsoft CVE
added 2025/10/24 1:1 a.m., 5 views

KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits

...

5.5 CVSS, 8.7 AI score, 0.00081 EPSS
Exploits: 0

EUVD
added 2025/10/24 12:30 a.m., 4 views

EUVD-2025-35735

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine...

6.3 CVSS, 6.7 AI score, 0.0007 EPSS
Exploits: 0, References: 5

SUSE Linux
added 2025/10/23 3:4 p.m., 4 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49138: Bluetooth: hcievent: Fix checking conn for leconncompleteevt bsc1238160. CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev-devname,shortnam...

9.2 CVSS, 7.7 AI score, 0.01514 EPSS
Exploits: 4, References: 1624

RedhatCVE
added 2025/10/22 8:18 p.m., 3 views

CVE-2025-61881

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this...

5.9 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits: 0, References: 1

OSV
added 2025/10/22 2:15 p.m., 3 views

UBUNTU-CVE-2023-53694

In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a jump that jumps to an address over 4K. This may cause errors if we want to enable kernel preemption a...

5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 6

CVE
added 2025/10/22 1:23 p.m., 14 views

CVE-2023-53694

CVE-2023-53694 concerns a Linux kernel RISCV ftrace issue where enabling preemption could cause a jump to an address with mixed XLEN:12 bits, due to an AUIPC + JALR sequence. The vulnerability arises in the dynamic ftrace prologue when switching tasks and potentially changing the ftrace function ...

6.2 AI score, 0.00024 EPSS
Exploits: 0, References: 3

MSRC
added 2025/10/22 12:0 a.m., 3 views

Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond

Microsoft is now publishing standard attestations about third-party CVEs through the Vulnerability Exploitability eXchange VEX standard including vulnerabilities in embedded open-source software in Microsoft products and services and starting with the Azure Linux Distribution formerly CBL-Mariner...

6.9 AI score
Exploits: 0

Positive Technologies
added 2025/10/22 12:0 a.m., 4 views

PT-2025-43095

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the RISCV architecture related to ftrace and kernel preemption. The issue arises from the use of an AUIPC + JALR instruction pair to encode an...

5.6 AI score, 0.00024 EPSS
Exploits: 0, References: 16

NVD
added 2025/10/21 8:20 p.m., 3 views

CVE-2025-61881

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this...

5.9 CVSS, 0.00024 EPSS
Exploits: 0, References: 1

OSV
added 2025/10/21 8:20 p.m., 1 view

CVE-2025-61881

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this...

5.9 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 1

Github Security Blog
added 2025/10/21 6:4 p.m., 4 views

Cosmos EVM Vulnerability

Patches Patched in versions v0.3.1, v0.4.2, and in the v0.5.0 release. More information will be disclosed at a later point to ensure chains have time to safely upgrade. Workarounds No workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended. Testing...

6.7 AI score
Exploits: 0, References: 3, Affected Software: 1

Akamai Blog
added 2025/10/21 1:0 p.m., 4 views

Why AI-Powered Firewall Defense Is the Boldest Cybersecurity Shift of 2025

Static firewalls are failing. Discover how AI-powered firewalls predict, adapt, and defend at machine speed — reshaping cybersecurity in 2025 and beyond...

7 AI score
Exploits: 0

The Hacker News
added 2025/10/21 7:23 a.m., 7 views

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler...

7 AI score
Exploits: 0