IBM Concert Brute Force Exploit
IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. A brute force vulnerability exists in IBM Concert version 1.0.5 that stems from insufficient account lockout settings and can be exploited by an attack...
CYREBRO’s AI-Native MDR Platform Earns Silver at the 2025 Globee Cybersecurity Awards
Tel Aviv, Israel, 12th March 2025, CyberNewsWire...
BasicSR Security Vulnerability
BasicSR is an open source image and video recovery toolkit from XPixelGroup Open Source. A security vulnerability exists in XPixelGroup BasicSR 1.4.2 and earlier versions that stems from a vulnerability that could allow native code execution under certain circumstances...
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...
IBM Cloud Pak for Data Cross-Site Scripting Vulnerability
IBM Cloud Pak for Data is a cloud-native solution from International Business Machines (IBM) that allows customers to use data and analyze it quickly and efficiently. A cross-site scripting vulnerability exists in IBM Cloud Pak for Data versions 4.0.0 through 4.8.5 and 5.0.0, which stems from...
Linux Distros Unpatched Vulnerability : CVE-2025-24970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. Whe...
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...
MAL-2025-1667 Malicious code in react-native-survicate (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bc16cb68d62d1ff95179e3f34e2afa8a62648c8cf9a10e9de12a9d1ec4e4abe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-native-windows-repo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c894e9ec1df07b7a9631c7a3fff0940b131f370c1e5c3d1846b7ff2398076e59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1663 Malicious code in react-native-windows-repo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c894e9ec1df07b7a9631c7a3fff0940b131f370c1e5c3d1846b7ff2398076e59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2025-27148
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...
Rizin Security Vulnerability
Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. A security vulnerability exist...
Rizin Security Vulnerability
Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. A security vulnerability exist...
Malicious code in react-native-wallet-sdk-demo-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca22a1a9bdc58e35b912072adf9e4737394ce3c10cbad067352953e093610bc3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1559 Malicious code in react-native-wallet-sdk-demo-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca22a1a9bdc58e35b912072adf9e4737394ce3c10cbad067352953e093610bc3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...
BIT-GRADLE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...
CVE-2025-27148
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...
Creation of Temporary File With Insecure Permissions
Overview Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions due to improper handling of temporary files. On Unix-like systems, if the Native.getClass method is invoked without prior initialization via Native.initFile with a non-null argument,...