40358 matches found
PT-2026-2532
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.18.0-rc1-custom-g1a3d6d7cd014. Description: The Linux kernel contained a use-after-free issue within the mlxsw spectrum mr module. A missing mutex acquisition during multicast route deletion could lead to this...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 143.0.7499.41, which stems from an improper implementation of the download feature that could allow a remote attacker to bypass download protection via a specially crafted HTML...
CVE-2025-59700
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition because of a lack of integrity protection...
PT-2025-48701
Name of the Vulnerable Software and Affected Versions: Entrust nShield Connect XC versions through 13.6.11; Entrust nShield 5c versions through 13.6.11; Entrust nShield HSMi versions through 13.6.11; Entrust nShield Connect XC version 13.7; Entrust nShield 5c version 13.7; Entrust nShield HSMi version...
PT-2025-48746
Name of the Vulnerable Software and Affected Versions: MCP TypeScript SDK versions prior to 1.24.0. Description: The Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. If an HTTP-based MCP server is running on localhost without...
Defend Post-Quantum Cryptography's “Harvest Now, Decrypt Later” with WAAP
Prepare for a quantum-safe future. Learn how Akamai App & API Protector helps stop the data leaks that fuel “harvest now, decrypt later” attacks...
Banning VPNs
This is crazy. Lawmakers in several US states are contemplating banning VPNs, because…think of the children! As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of "protecting children" in A.B. 105/S.B. 130. It’s an age verification bill that...
WhiteLie: A Robust System for Spoofing User Data in Android Platforms
Android employs a permission framework that empowers users to either accept or deny sharing their private data (for example, location) with an app. However, many apps tend to crash when they are denied permission, leaving users no choice but to allow access to their data in order to use the app. In...
What’s your CNAPP maturity?
More and more enterprises are opting for cloud-native application protection platforms (CNAPPs) instead of complex and hard-to-manage cloud security point solutions. Find out where your organization is on its CNAPP maturity journey...
ASB-A-432439762
In pkvmguestrelinquishtohost of memprotect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
binary-exploitation-playground
Binary Exploitation Playground 🚩 This repository contains a collec...
CVE-2025-9557
An out-of-bound write can lead to an arbitrary code execution. Even on devices with some form of memory protection, this can still lead to a crash and a resultant denial of service....
GHSA-58C5-G7WP-6W37 Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol...
CVE-2025-66035
CVE-2025-66035 affects Angular's HttpClient, allowing an XSRF token leakage via protocol-relative URLs (//) that are treated as same-origin, causing the token to be sent in X-XSRF-TOKEN. Impact described as credential leakage through app logic, enabling unauthorized CSRF token disclosure to attack...
CVE-2025-66035
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential...
CVE-2025-9557 Bluetooth: Mesh: Out-of-Bound Write in gen_prov_cont
An out-of-bound write can lead to an arbitrary code execution. Even on devices with some form of memory protection, this can still lead to a crash and a resultant denial of service....
EUVD-2025-199711
An out-of-bound write can lead to an arbitrary code execution. Even on devices with some form of memory protection, this can still lead to a crash and a resultant denial of service....
PT-2025-48128
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: An out-of-bound write can lead to arbitrary code execution. Even on devices with some form of memory protection, this can still lead to a crash and a resultant denial of service. Recommendations: At t...
PT-2025-51674
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw in the ext4 filesystem implementation. Specifically, a race condition exists between inline data destruction and block mapping within the ext4 destroy...