Amazon Linux 2 : kernel, --advisory ALAS2-2025-2988 (ALAS-2025-2988)

The version of kernel installed on the remote host is prior to 4.14.355-280.679. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2988 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in...

block: RCU protect disk->conv_zones_bitmap

...

mm: clear uffd-wp PTE/PMD state on mremap()

...

drm/i915/hdcp: Add encoder check in hdcp2_get_capability

...

AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals

Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately secured by a platform...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Apr-2023 Release 1, which originates from an end-of-buffer memory...

Release Information for Veeam ONE 13.0.1 Patch 1

Veeam ONE 13 Releases 13.0.2.6723 2026-05-27 What's New New Features and Improvements Suspicious Incremental Backup Size Alarm -- Extended Platform Support The Suspicious Incremental Backup Size alarm now covers all platforms supported in Veeam ONE v13, including Proxmox VE, oVirt KVM Oracle Linu...

Cisco Unified Communications Manager 跨站请求伪造漏洞

Cisco Unified Communications Manager is a call-processing component of a unified communications system from Cisco USA. This component provides a scalable, distributed, and highly available enterprise IP telephony call processing solution. A cross-site request forgery vulnerability exists in Cisco...

WordPress plugin Cookie Notice & Consent Banner for GDPR & CCPA Compliance 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Cookie...

CVE-2025-9747

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrfprotectioncontroller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may ...

Security update for ucode-intel

This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20250812 release bsc1248438 CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable...

Security update for ucode-intel

This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20250812 release bsc1248438 CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable...

Passwords and FIDO2 Are Meant to Be Secret: a Practical Secure Authentication Channel for Web Browsers

Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work by Stock and Johns, showing how password autofill can be...

Linux Distros Unpatched Vulnerability : CVE-2025-38638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipv6: add a retry logic in net6rtnotify inet6rtnotify can be called under RCU protection onl...

ASB-A-409318132

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2025-9747

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrfprotectioncontroller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may ...

CVE-2025-9747

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrfprotectioncontroller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may ...

CVE-2025-9747 Koillection csrf_protection_controller.js cross-site request forgery

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrfprotectioncontroller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may ...

CVE-2025-9747 Koillection csrf_protection_controller.js cross-site request forgery

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrfprotectioncontroller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may ...

CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...