PT-2025-26321 · Coros · Coros Pace 3

Name of the Vulnerable Software and Affected Versions: COROS PACE 3 versions through 3.0808.0 Description: An issue was discovered that affects the Bluetooth pairing method of the device. It identifies itself as a device without input or output capabilities, resulting in the use of the Just Works...

Omise: PII Exposure via Email Confirmation Link – Email Embedded in Token & Leaked via Wayback Machine

The vulnerability involved the exposure of personally identifiable information PII, specifically email addresses, through an email confirmation link used by Omise. The email address was embedded directly in a token that was visible in the URL. This token was subsequently archived by the Wayback...

Malicious code in dijit._widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa0d60292f6c7957aa330c2c5c33bd9c9bf860f405a547f3cdadd639fa980fd5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

UBUNTU-CVE-2022-50228

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

UBUNTU-CVE-2022-49955

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Fix RTAS MSRHV handling for Cell The semi-recent changes to MSR handling when entering RTAS firmware cause crashes on IBM Cell machines. An example trace: kernel tried to execute user page 2fff01a8 - exploit attempt...

CVE-2025-38046

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from an interrupt-triggering bug injected by the KVM SVM at GIF=0, which could lead to a denial of service...

FARFETCH'D: a Side-Channel Analysis Framework for Privacy Applications on Confidential Virtual Machines

Confidential virtual machines CVMs based on trusted execution environments TEEs enable new privacy-preserving solutions. Yet, they leave side-channel leakage outside their threat model, shifting the responsibility of mitigating such attacks to developers. However, mitigations are either not gener...

Trustworthy Artificial Intelligence for Cyber Threat Analysis

Artificial Intelligence brings innovations into the society. However, bias and unethical exist in many algorithms that make the applications less trustworthy. Threats hunting algorithms based on machine learning have shown great advantage over classical methods. Reinforcement learning models are...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of an interruptible lock to release a GPU vm, which could lead to a memory leak...

Set Linux OS Identifier

Establishes a unique identifier for Linux machines that we can use going forward to determine if the machine attributes fit Linux checks. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid240164; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate...

Fuji Electric Smart Editor 安全漏洞

Fuji Electric Smart Editor is an editing software developed by Fuji Electric for configuring and programming Human Machine Interface HMI devices. A buffer overflow vulnerability exists in Fuji Electric Smart Editor, which can be exploited by an attacker to execute arbitrary code...

Malicious code in bs58js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a4f78a5795b0e66267f0404c4caf2c191531655570105421890dede022ebc6a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquiring SRCU in KVMGETMPSTATE to protect guest memory accesses Acquiring a lock on kvm-srcu when userspace is obtaining the MP state can lead to a severe edge case where processing APIC events, such as during pending...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: net: phy: It is now possible to allow the MDIO bus’s PM operations to initiate/stop the state machine for the phylink-controlled PHY. There are two types of DSA drivers: 1. Those that call dsaswitchsuspend and dsaswitchresume...

CVE-2025-29902

Remote code execution that allows unauthorized users to execute arbitrary code on the server machine...

CVE-2025-29902

CVE-2025-29902 is described as remote code execution enabling unauthorized users to execute arbitrary code on the server. Connected documents link affected software as Bosch RTS VLink/Telex RDC Server and related components (e.g., Apache HTTP Server in PT-2025-25233), with remediation guidance no...

Computational Attestations of Polynomial Integrity Towards Verifiable Machine-Learning

Machine-learning systems continue to advance at a rapid pace, demonstrating remarkable utility in various fields and disciplines. As these systems continue to grow in size and complexity, a nascent industry is emerging which aims to bring machine-learning-as-a-service MLaaS to market. Outsourcing...

Non-Human Identities: How to Address the Expanding Security Risk

Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian's end-to-end NHI security platform is here to close...

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Eleva...