CLSA-2025-1760020498 Fix CVE(s): CVE-2025-9714
SECURITY UPDATE: uncontrolled recursion causing stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714-.patch: Add comprehensive XPath DoS protection including operation limits, recursion depth controls, and proper handling of recursive invocations to prevent stack overflows...
Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059182 fixes several issues. The following security issues were fixed: CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650). CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072)...
BIT-ELK-2025-37728 Kibana Insufficiently Protected Credentials in the CrowdStrike Connector
Insufficiently Protected Credentials in the CrowdStrike connector can lead to CrowdStrike credentials being leaked. A malicious user can access cached credentials from a CrowdStrike connector in another space by creating and running a CrowdStrike connector in a space to which they have access...
SUSE-SU-2025:03504-1 Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059185 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650). - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). -...
SUSE-SU-2025:03503-1 Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059174 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650). - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072). -...
Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059174 fixes several issues. The following security issues were fixed: CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650). CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072)...
Bloodroot: When Watermarking Turns Poisonous for Stealthy Backdoor
Backdoor data poisoning is a crucial technique for ownership protection and defending against malicious attacks. Embedding hidden triggers in training data can manipulate model outputs, enabling provenance verification, and deterring unauthorized use. However, current audio backdoor methods are...
PT-2025-41454
Name of the Vulnerable Software and Affected Versions: New API versions prior to 0.9.0.5. Description: New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) issue exists because the application does not...
SUSE SLES12 Security Update : kernel (Live Patch 65 for SLE 12 SP5) (SUSE-SU-2025:03496-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03496-1 advisory. This update for the Linux Kernel 4.12.14-122247 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc: fix...
Security Bulletin: IBM Guardium Data Protection is affected by kernel vulnerabilities.
Summary: IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2023-52478 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidpp_connect_event() has...
Security update for the Linux Kernel (Live Patch 66 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122250 fixes several issues. The following security issues were fixed: CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650). CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). CVE-2025-21791...
Akamai Named a Gartner Peer Insights Customers’ Choice for WAAP Six Years in a Row
...
Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506001011 fixes several issues. The following security issues were fixed: CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650)...
CVE-2025-48464
Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...
CVE-2025-48464
CVE-2025-48464 describes a vulnerability in Sync that could allow an unauthenticated attacker to access a victim’s Sync account data, including account credentials and email protection information. The available documents identify the affected product as Sync and cite unauthorized access to sensi...
CVE-2025-48464 Exposure of Sensitive Information
Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...
Security update for the Linux Kernel (Live Patch 62 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122234 fixes several issues. The following security issues were fixed: CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650). CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072). CVE-2025-38477...
A Multi-Layered Embedded Intrusion Detection Framework for Programmable Logic Controllers
Industrial control system (ICS) operations use trusted endpoints like human machine interfaces (HMIs) and workstations to relay commands to programmable logic controllers (PLCs). Because most PLCs lack layered defenses, compromise of a trusted endpoint can drive unsafe actuator commands and risk...
DuckDuckGo Browser Security Vulnerability
DuckDuckGo Browser is a web browser from DuckDuckGo, Inc. A security vulnerability exists in DuckDuckGo Browser that originates from an unauthenticated attacker having access to account data, which could lead to the disclosure of credentials and email protection information...