Linux Distros Unpatched Vulnerability : CVE-2017-0414
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate...
CVE-2025-10183 XML External Entity Injection in TecConnect 4.1
A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCo...
CVE-2025-9161
A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquitto plugins, which can be used to achieve remote code execution...
TecCom TecConnect Security Vulnerability
TecCom TecConnect is a middleware from TecCom Germany. A security vulnerability exists in TecCom TecConnect version 4.1, which originates from a blind XXE injection in the OpenMessaging webservice and could lead to arbitrary file disclosure...
PT-2025-36738
Name of the Vulnerable Software and Affected Versions: TecCom TecConnect version 4.1. Description: The OpenMessaging webservice in TecCom TecConnect version 4.1 contains a blind XML External Entity (XXE) injection. This allows an unauthenticated attacker to exfiltrate arbitrary files to an...
CVE-2025-36100
IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local...
IBM MQ Security Vulnerability
IBM MQ is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable and validated messaging backbone for Service Oriented Architecture (SOA). A security vulnerability exists in IBM MQ that stems from storing passwords in client configuratio...
Basecamp: Improper bot-authentication allows to impersonate any user when sending messages in a room
A vulnerability was discovered in the bot authentication mechanism. The issue allowed an unauthenticated user to impersonate any user and post messages in rooms the impersonated user had access to. The bot authentication function failed to properly validate the bot key, allowing a partial key to...
Security Bulletin: IBM MQ is vulnerable to a password disclosure vulnerability.
Summary: IBM MQ has addressed a password disclosure vulnerability (CVE-2025-36100). Vulnerability Details: CVEID: CVE-2025-36100. DESCRIPTION: IBM MQ Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user. CWE: CWE-260: Password in Configurati...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a security bypass in JMS messaging (CVE-2025-36124)
Summary: IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 feature enabled. Following IBM® Engineering Lifecycl...
can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode
...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a security bypass vulnerability (CVE-2025-36124)
Summary: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3...
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. "A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims t...
IBM MQ Redistributable Client Installed (Linux)
Binary data ibmmqclientportablenixinstalled.nbin...
CVE-2025-55454
An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0.51 allows attackers to execute arbitrary code via uploading a crafted file...
[SECURITY] Fedora 41 Update: matrix-synapse-1.136.0-1.fc41
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
Optimizing Scalar Selection in Elliptic Curve Cryptography Using Differential Evolution for Enhanced Security
Elliptic Curve Cryptography (ECC) is a fundamental component of modern public-key cryptosystems that enable efficient and secure digital signatures, key exchanges, and encryption. Its core operation, scalar multiplication, denoted as $k \cdot P$, where $P$ is a base point and $k$ is a private scala...
Linux Distros Unpatched Vulnerability : CVE-2025-21914
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - slimbus: messaging: Free transaction ID in delayed interrupt scenario. In case of interrupt delay for any reason, slim_do_transfer() returns timeout error but the...
CVE-2025-36124
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...
Malicious code in hiot-messaging (npm)
The package hiot-messaging was found to contain malicious code...