UBUNTU-CVE-2025-68798

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc-eventsidx can become NULL in a subtle race condition with NMI-throttle-x86pmustop. Check event for NULL in amdpmuenableall before enable to avoid a GPF. Th...

CVE-2025-68798 perf/x86/amd: Check event before enable to avoid GPF

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc-eventsidx can become NULL in a subtle race condition with NMI-throttle-x86pmustop. Check event for NULL in amdpmuenableall before enable to avoid a GPF. Th...

CVE-2025-68798

CVE-2025-68798: Linux kernel AMD perf event hotpath GPF in amd_pmu_enable_all due to a race where cpuc->events[idx] could be NULL. The patch adds a NULL check in amd_pmu_enable_all() before enabling events to avoid a general protection fault (GPF). Public writeups in the connected OSV update c...

CVE-2025-14001

The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...

CVE-2025-14001 WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication

The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...

Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with Trend Vision One™

This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from Trend Research™ monitoring and Trend Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations...

Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users

Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users TL;DR Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability. An edg...

Linux Distros Unpatched Vulnerability : CVE-2025-68798

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc-eventsidx can become NULL in a subtle race condition with NMI-throttle-x86pmustop. Che...

Fake Employee Reports Spread Guloader and Remcos RAT Malware

Scammers are using fake October 2025 performance reviews to trick staff into installing Guloader and Remcos RAT malware. Learn how to identify this threat and protect your personal data from remote hackers...

Memory-Based Malware Detection under Limited Data Conditions: A Comparative Evaluation of TabPFN and Ensemble Models

Artificial intelligence and machine learning have significantly advanced malware research by enabling automated threat detection and behavior analysis. However, the availability of exploitable data is limited, due to the absence of large datasets with real-world data. Despite the progress of AI i...

[SECURITY] Fedora 42 Update: wasmedge-0.15.0-4.fc42

High performance WebAssembly Virtual Machine...

[SECURITY] Fedora 42 Update: wget2-2.2.1-1.fc42

GNU Wget2 is the successor of GNU Wget, a file and recursive website downloader. Designed and written from scratch it wraps around libwget, that provides the basic functions needed by a web client. Wget2 works multi-threaded and uses many features to allow fast operation. In many cases Wget2...

Why VM Shapes Matter: New Compute Plans Deliver Predictable Performance

...

CVE-2018-14495

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...

CVE-2018-19386

SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI...

CVE-2021-28248

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE:...

CVE-2021-28250

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid and/or setgid file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that ar...

CVE-2021-22514

An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM...

CVE-2021-22500

Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing...

CVE-2021-22490

There is a Permission verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect the device performance...