
40349 matches found

Vulnrichment
added 2026/01/07 7:5 a.m. | 2 views

CVE-2025-31963 HCL BigFix IVR is impacted by improper authentication and missing CSRF protection

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...

CVSS 2.9 | AI score 6.5 | EPSS 0.00082
Exploits 0 | References 1

CNNVD
added 2026/01/07 12:0 a.m. | 4 views

Qualcomm Chipsets security vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption that occurs when uninitializing an HDCP session...

CVSS 7.8 | AI score 6.8 | EPSS 0.00072
Exploits 0 | References 2

CVE
added 2026/01/06 10:48 p.m. | 10 views

CVE-2025-47339

CVE-2025-47339 describes a memory corruption issue in Qualcomm chipsets that occurs while deinitializing an HDCP session. The vulnerability affects the HLOS/firmware path and can impact confidentiality, integrity, and availability when exploited locally with low privileges and no user interaction...

CVSS 7.8 | AI score 6.7 | EPSS 0.00072
Exploits 0 | References 1 | Affected Software 1

HackRead
added 2026/01/06 10:0 p.m. | 4 views

Millions of Android Powered TVs and Streaming Devices Infected by Kimwolf Botnet

Synthient discovers over 2 million Android TV boxes and smart TVs hijacked by the Kimwolf botnet. Learn how hackers are using home devices to launch DDoS attacks and how you can protect your home network...

AI score 7
Exploits 0

Malwarebytes
added 2026/01/06 12:22 p.m. | 3 views

Disney fined $10m for mislabeling kids’ YouTube videos and violating privacy law

Disney will pay a $10m settlement over allegations that it violated kids' privacy rights, the Federal Trade Commission (FTC) said this week. The agreement, first proposed in September 2025, resolves a dispute over Disney's labeling of child-targeted content on YouTube. The thousands of YouTube vide...

AI score 6.5
Exploits 0

SUSE CVE
added 2026/01/06 12:23 a.m. | 2 views

SUSE CVE-2025-69412

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration...

CVSS 3.4 | AI score 6.9 | EPSS 0.00241
Exploits 0 | References 3

CNNVD
added 2026/01/06 12:0 a.m. | 5 views

Forcepoint One DLP Client security vulnerability

Forcepoint One DLP Client is an endpoint data protection agent software from Forcepoint, USA. A security vulnerability exists in Forcepoint One DLP Client version 23.04.5642, which stems from a restriction on the ctypes library that can be bypassed, potentially leading to the execution of arbitra...

CVSS 7.8 | AI score 7.1 | EPSS 0.00178
Exploits 0 | References 4

Positive Technologies
added 2026/01/06 12:0 a.m. | 4 views

PT-2026-1533

Name of the Vulnerable Software and Affected Versions: versions prior to 2025. Description: A memory corruption issue exists during the deinitialization of a High-bandwidth Digital Content Protection (HDCP) session. HDCP is a form of digital copy protection designed to prevent copying of digital audio...

CVSS 7.8 | AI score 6.5 | EPSS 0.00072
Exploits 0 | References 7

Veeam
added 2026/01/06 12:0 a.m. | 45 views

Veeam Agent for Microsoft Windows 13.0.1.120 to 13.0.1.1009 Upgrade Notes

Article Applicability: This article documents notable deviations from the standard Veeam Agent for Microsoft Windows upgrade procedure that occur only when upgrading from Veeam Backup & Replication (VBR) 13.0.1 build 13.0.1.180 to 13.0.1 Patch 1 build 13.0.1.1071. This patch to VBR includes a new...

AI score 5.8
Exploits 0 | Affected Software 1

Oracle linux
added 2026/01/06 12:0 a.m. | 9 views

bind security update

32:9.11.4-26.0.5.P2.16
- Resolve CVE-2025-40778 Orabug: 38699863
32:9.11.4-26.0.3.P2.16
- Resolve CVE-2024-11187 Orabug: 37616907
32:9.11.4-26.0.1.P2.16
- Resolve CVE-2024-1975
- Resolve CVE-2024-1737
- Add ability to change runtime limits for max types and records per name
32:9.11.4-26.P2.16 -...

CVSS 8.6 | AI score 6.1 | EPSS 0.99995
Exploits 2

OSV
added 2026/01/05 3:54 p.m. | 3 views

CLSA-2026-1767628458 curl: Fix of CVE-2024-9681

CVE-2024-9681: improve HSTS subdomain handling to prevent incorrectly overriding parent domain entries...

CVSS 6.5 | AI score 6.8 | EPSS 0.0197
Exploits 1 | References 1

Vulnrichment
added 2026/01/05 12:0 a.m. | 5 views

CVE-2025-65922

PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka applicati...

AI score 6.2 | EPSS 0.0014
Exploits 0 | References 2

CVE
added 2026/01/05 12:0 a.m. | 19 views

CVE-2025-67303

ComfyUI-Manager

CVSS 7.5 | AI score 6.6 | EPSS 0.01361
In wild | Exploits 3 | References 2 | Affected Software 1

Rockylinux
added 2026/01/04 9:3 a.m. | 20 views

postgresql:15 security update

An update is available for pgrepack, module.pgaudit, postgres-decoderbufs, module.pgrepack, module.postgres-decoderbufs, pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.2 | AI score 6.8 | EPSS 0.0119
Exploits 0

RedhatCVE
added 2026/01/03 10:4 p.m. | 11 views

CVE-2025-64122

Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft. This issue affects Multi-Stack Controller (MSC): through 2.5.1...

CVSS 7.2 | AI score 7 | EPSS 0.00081
Exploits 0 | References 1

RedhatCVE
added 2026/01/03 3:54 p.m. | 14 views

CVE-2025-11837

An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later...

CVSS 9.3 | AI score 7.1 | EPSS 0.00774
Exploits 0 | References 1

Wired Threat Level
added 2026/01/03 10:0 a.m. | 6 views

How to Protect Your iPhone or Android Device From Spyware

Being targeted by sophisticated spyware is relatively rare, but experts say that everyone needs to stay vigilant as this dangerous malware continues to proliferate worldwide...

AI score 7
Exploits 0

RedhatCVE
added 2026/01/03 2:22 a.m. | 5 views

CVE-2025-15422

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVSS 7.5 | AI score 6.5 | EPSS 0.01066
Exploits 1 | References 1

EUVD
added 2026/01/03 12:31 a.m. | 4 views

EUVD-2025-206224

Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft. This issue affects Multi-Stack Controller (MSC): through 2.5.1...

CVSS 9.3 | AI score 6.5 | EPSS 0.0036
Exploits 0 | References 2

OSV
added 2026/01/02 10:15 p.m. | 1 view

CVE-2025-64122

Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft. This issue affects Multi-Stack Controller (MSC): through 2.5.1...

CVSS 5.5 | AI score 5.8 | EPSS 0.0036
Exploits 0 | References 1