CVE-2025-60711

Protection mechanism failure in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

CVE-2025-60711

Protection mechanism failure in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Protection mechanism failure in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

PT-2025-44670

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A protection mechanism failure exists in Microsoft Edge Chromium-based that could allow an unauthorized attacker to execute code over a network. The issue enables remote...

How are you managing cloud risk?

Learn why managing cloud risk demands unified visibility, continuous risk assessment, and efficient security operations. Discover how a full-featured CNAPP like Trend Vision One™ Cloud Security enables organizations to move from reactive to proactive cloud protection...

EUVD-2024-28045

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended...

Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month

Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services...

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

CVE-2025-10317

Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious product with content defined by the attacker. This software does not...

AZL-69436 CVE-2025-40099 affecting package kernel for versions less than 6.6.117.1-1

In the Linux kernel, the following vulnerability has been resolved: cifs: parsedfsreferrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTLDFSGETREFERRALS - reply smaller than sizeofstruct getdfsreferralrsp - reply with number of referrals smaller than...

CVE-2025-40102 KVM: arm64: Prevent access to vCPU events before init

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized yet, leading to KVM interpreting a bunch of...

CVE-2025-40102

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized yet, leading to KVM interpreting a bunch of...

CVE-2025-40086

CVE-2025-40086 affects the Linux kernel DRM XE path. An array of VM binds could evict other buffer objects (BOs) within the same VM, potentially causing NULL pointer dereferences in the bind pipeline. The fix clears the allow_res_evict flag in xe_bo_validate (and there was a follow‑up commit that...

CVE-2025-40086 drm/xe: Don't allow evicting of BOs in same VM in array of VM binds

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...

PT-2025-53015

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists within the Intel iGPU IVPU driver related to buffer object BO unbinding. Specifically, the issue occurs when ivpu gem bo free removes a BO from the list before it...

OpenSolution Quick.Cart 跨站请求伪造漏洞

OpenSolution Quick.Cart is an online store system from OpenSolution Poland. A cross-site request forgery vulnerability exists in OpenSolution Quick.Cart version 6.7, which stems from a lack of cross-site request forgery protection in the product creation functionality that could lead to the...

Sweet Security Brings Runtime-CNAPP Power to Windows

Tel Aviv, Israel, 29th October 2025, CyberNewsWire...

EUVD-2025-36664

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transportipc: validate payload size before reading handle handleresponse dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message fr...

EUVD-2025-36648

Jenkins Eggplant Runner Plugin protection mechanism disabled...

EUVD-2025-36649

Jenkins JDepend Plugin vulnerable to XML external entity attacks...