40364 matches found
GHSA-H5FG-JPGR-RV9C Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories
Description: There is a flaw in the hidden file protection feature of Vert.x Web’s StaticHandler when setIncludeHidden(false) is configured. In the current implementation, only files whose final path segment (i.e., the file name) begins with a dot ('.') are treated as “hidden” and are blocked from being...
EUVD-2022-54773
In the Linux kernel, the following vulnerability has been resolved: bonding: fix missed rcu protection When removing the rcu_read_lock in bond_ethtool_get_ts_info as discussed [1], I didn't notice it could be called via setsockopt, which doesn't hold rcu lock, as syzbot pointed: stack backtrace: CPU: 0...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
EUVD-2025-35350
The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This is due to missing or incorrect nonce validation on the adminEnableGdprAjax function. This makes it possible for unauthenticate...
WordPress plugin PixelYourSite Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP- and MySQL-based servers. WordPress plugin is an application plugin. A cross-site request...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of IRQ safety protection in the netlink_set_err function, which could lead to a deadlock...
Protection Mechanism Failure
picklescan is vulnerable to Protection Mechanism Failure. The vulnerability is due to improper error handling in the ZIP archive scanning component when processing files with a bad Cyclic Redundancy Check (CRC), which allows an attacker to craft a malicious ZIP archive that halts the scan and...
WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.5.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Cookie Notice & Compliance for GDPR / CCPA versions <= 2.5.8...
Independent Results Confirm Rapid7’s NGAV Delivers Strong, Reliable Protection
At Rapid7, we measure success by how well we protect our customers in the real world. That’s why independent testing like the AV-Comparatives Business Security Test matters. It’s a trusted benchmark for how endpoint security products perform against today’s constantly evolving threats, and how th...
EUVD-2022-54827
In the Linux kernel, the following vulnerability has been resolved: ftrace: Clean up hash direct_functions on register failures We see the following GPF when register_ftrace_direct fails: general protection fault, probably for non-canonical address 0x200000000000010: 0000 [#1] PREEMPT SMP...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987659)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987659 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition The documentation of the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987554)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987554 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock syzbot caught a potential...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987531)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987531 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INT_MAX overflo...
Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-150400_24_153 fixes several issues. The following security issues were fixed: CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534). CVE-2025-38499: clone_private_mnt: make sure that caller has CAP_SYS_ADMIN in the right userns...
Wordfence Bug Bounty Program Monthly Report – September 2025
Last month in September 2025, the Wordfence Bug Bounty Program received 374 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the...
PT-2025-49096
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the KVM arm64 component related to memory sharing with FF-A. Insufficient validation of offsets can lead to out-of-bounds access within the hypervisor...
WebRTC Metadata and IP Leakage in Modern Browsers: A Cross-Platform Measurement Study
Web Real-Time Communication (WebRTC) enables real-time peer-to-peer communication, but its Interactive Connectivity Establishment (ICE) process can unintentionally expose internal and public IP addresses as metadata. This paper presents a cross-platform measurement study of WebRTC metadata leakage...
CVE-2025-58079
Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications...
CVE-2025-58079
The advisory shows CVE-2025-58079 in desknet’s NEO AppSuite (desknet’s NEO, versions V4.0R1.0–V9.0R2.0) with CWE-424 (Improper Protection of Alternate Path). Root cause: improper access protection enabling a remote attacker to create malicious AppSuite applications. Impact per sources indicates a...