What is CTEM? Your Guide to Reducing Cyber Risk
Trying to explain security priorities to your board using CVSS scores is a tough sell. A long list of technical flaws doesn't translate to business impact, making it difficult to justify budgets and get buy-in for critical initiatives. Security leaders need a better way to frame the conversation...
Google Chrome < 122.0.6261.128 Vulnerability
The version of Google Chrome installed on the remote macOS host is prior to 122.0.6261.128. It is, therefore, affected by a vulnerability as referenced in the 202403stable-channel-update-for-desktop12 advisory. - Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allow...
PT-2025-47607
Name of the Vulnerable Software and Affected Versions: Open OnDemand versions prior to 4.0.8; Open OnDemand versions prior to 3.1.16. Description: Open OnDemand packages create world writable locations in the GEM PATH prior to versions 4.0.8 and 3.1.16. This could allow unauthorized modification of...
Nuclei 3.5.1
Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...
[SECURITY] Fedora 42 Update: ruff-0.14.3-1.fc42
An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 plus dozens of plugins, Black, isort, pydocstyle,...
OESA-2025-2693 spdk security update
The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...
OESA-2025-2692 spdk security update
The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...
Intel CIP Input Validation Error Vulnerability
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an input validation error vulnerability that stems from improper input validation, which can be exploited by an attacker to cause information...
Intel CIP Information Disclosure Vulnerability
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an information disclosure vulnerability that stems from a protection mechanism failure, which can be exploited by an attacker to cause information...
Intel CIP Elevation of Privilege Vulnerability
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from improper privilege management and can be exploited by an attacker to cause elevation of...
Intel CIP Information Disclosure Vulnerability (CNVD-2025-28673)
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an information disclosure vulnerability that stems from mismanagement of privileges, which can be exploited by an attacker to cause information...
Intel CIP Improper Access Control Vulnerability
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an Improper Access Control vulnerability that can be exploited by an attacker to cause information disclosure...
Unspecified Vulnerability in WordPress Plugin TNC Toolbox Web Performance
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin TNC Toolbox Web Performance, which stem...
CVE-2025-40122
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32PMCxCFGB MSRs access error When running perffuzzer on PTL, sometimes the below "unchecked MSR access error" is seen when accessing IA32PMCxCFGB MSRs. 55.611268 unchecked MSR access error: WRMSR to 0x1986...
[SECURITY] Fedora 43 Update: firefox-145.0-2.fc43
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...
EUVD-2022-55678
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...
SUSE CVE-2025-40122
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32PMCxCFGB MSRs access error When running perffuzzer on PTL, sometimes the below "unchecked MSR access error" is seen when accessing IA32PMCxCFGB MSRs. 55.611268 unchecked MSR access error: WRMSR to 0x1986...
GHSA-7CX5-254X-CGRQ Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Impact: The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...
Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Impact: The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...
CVE-2025-24491
Uncontrolled search path for some Intel(R) Killer(TM) Performance Suite software before version killer 4.0 40.25.509.1465 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable...