CVE-2025-68798

CVE-2025-68798: Linux kernel AMD perf event hotpath GPF in amd_pmu_enable_all due to a race where cpuc->events[idx] could be NULL. The patch adds a NULL check in amd_pmu_enable_all() before enabling events to avoid a general protection fault (GPF). Public writeups in the connected OSV update c...

CVE-2025-68798 perf/x86/amd: Check event before enable to avoid GPF

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc-eventsidx can become NULL in a subtle race condition with NMI-throttle-x86pmustop. Check event for NULL in amdpmuenableall before enable to avoid a GPF. Th...

PT-2026-2674

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A security feature bypass exists in Windows Remote Assistance. This allows an unauthorized attacker to bypass a security feature locally. The issue involves a failure in a protection mechanis...

NSecsoft NSecKrnl 安全漏洞

NSecsoft NSecKrnl is the underlying core module of a terminal protection software from China Anzai NSecsoft. A security vulnerability exists in NSecsoft NSecKrnl, which originates from a local attacker being able to terminate another user's process via a specially crafted IOCTL request...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of consistent lock protection for access to the mflags field, which could lead to data contention and...

Linux Distros Unpatched Vulnerability : CVE-2025-68809

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: vfs: fix race on mflags in vfscache ksmbd maintains delete-on-close and pending-delete state in ksmbdinode-mflags. In vfscache.c this field is accessed...

Linux Distros Unpatched Vulnerability : CVE-2025-68800

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added...

MiracleLinux 9 : kernel-5.14.0-570.25.1.el9_6 (AXSA:2025-10697:52)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10697:52 advisory. kernel: ipv6: mcast: extend RCU protection in igmp6send CVE-2025-21759 kernel: ovl: fix UAF in ovldentryupdatereval by moving dput in ovllinkup...

MiracleLinux 8 : kernel-4.18.0-553.58.1.el8_10 (AXSA:2025-10155:37)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10155:37 advisory. kernel: cifs: fix double free race when mount fails in cifsgetroot CVE-2022-48919 kernel: security/keys: fix slab-out-of-bounds in keytaskpermissio...

Linux Distros Unpatched Vulnerability : CVE-2025-68798

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc-eventsidx can become NULL in a subtle race condition with NMI-throttle-x86pmustop. Che...

MiracleLinux 8 : kernel-4.18.0-553.69.1.el8_10 (AXSA:2025-10764:56)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10764:56 advisory. kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: ipv6: mcast: extend RCU protection in igmp6send CVE-2025-21759 kernel: can: peakusb...

MiracleLinux 9 : kernel-5.14.0-570.19.1.el9_6 (AXSA:2025-10553:45)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10553:45 advisory. kernel: Use after Free in grusetcontextoption leading to kernel panic CVE-2022-3424 kernel: ndisc: use RCU protection in ndiscallocskb CVE-2025-217...

CVE-2026-22033

Label Studio (1.22.0 and earlier) is affected by a persistent stored XSS in the custom_hotkeys field. An authenticated attacker (or one who can trick a user into updating custom_hotkeys) can inject JavaScript that runs in other users’ browsers when loading pages using templates/base.html. The app...

GHSA-2MQ9-HM29-8QCH Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field

Prologue These vulnerabilities have been found and chained by DCODX-AI. Validation of the exploit chain has been confirmed manually. Summary A persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one wh...

Celebrating reviews and recognitions for Malwarebytes in 2025

Independent recognition matters in cybersecurity, and it matters a lot to us. It shows how security products perform when they’re tested against in-the-wild threats, using lab environments designed to reflect what people actually face in the real world. In 2025, Malwarebytes earned awards and...

CVE-2025-69271

Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier...

CVE-2025-69271

Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier...

PT-2026-2295

Name of the Vulnerable Software and Affected Versions Lychee versions prior to 7.1.0 Description Lychee is a free, open-source photo-management tool. A flaw exists in the album password unlock functionality that could allow users to gain unauthorized access to other users' password-protected...

PT-2026-2268

Name of the Vulnerable Software and Affected Versions D3D Wi-Fi Home Security System ZX-G12 version 2.1.1 Description The D3D Wi-Fi Home Security System ZX-G12 version 2.1.1 is susceptible to RF replay attacks on the 433 MHz sensor communication channel. The system lacks essential security measur...

OpenProject 安全漏洞

OpenProject is a web-based project management software from OpenProject Open Source. A security vulnerability exists in OpenProject versions prior to 16.6.2 that stems from a lack of brute force protection in an unprotected password change endpoint, which could lead to account cracking and...