CVE-2025-43220
This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data...
CVE-2025-43243
CVE-2025-43243 is a macOS vulnerability describing a permissions issue that could allow an app to modify protected parts of the file system. The issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, and macOS Sonoma 14.7.7. According to the CVE entry, the CVSS v3.1 base score is 9.8 (CRITIC...
GO-2025-3818 Mattermost has Insufficiently Protected Credentials in github.com/mattermost/mattermost-server
Mattermost has Insufficiently Protected Credentials in github.com/mattermost/mattermost-server...
RLSA-2025:9581 Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: cifs: fix double free race when mount fails in cifs_get_root (CVE-2022-48919) kernel: security/keys: fix slab-out-of-bounds in...
mod_auth_openidc:2.3 security update
An update is available for module.cjose, module.mod_auth_openidc, mod_auth_openidc, cjose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The mod_auth_openidc is an...
RHSA-2025:11888 Red Hat Security Advisory: icu security update
Bulletin has no description...
Security Bulletin: NVIDIA Omniverse Launcher - July 2025
NVIDIA has released a software update for NVIDIA® Omniverse Launcher. To protect your system, download and install this software update from the Omniverse Launcher Overview Page. Go to NVIDIA Product Security...
PT-2025-31284 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.6 Description: A flaw allows an application to potentially access protected user data due to a downgrade issue. This issue was addressed with additional code-signing restrictions. Recommendations: Update to macOS...
PT-2025-31302
Name of the Vulnerable Software and Affected Versions: iPadOS versions prior to 17.7.9 macOS Sequoia versions prior to 15.6 macOS Sonoma versions prior to 14.7.7 macOS Ventura versions prior to 13.7.7 Description: The issue involves incorrect symlink resolution prior to file access. Exploitation...
PT-2025-31332 · Apple · Macos Sequoia 15.6 +2
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.6 macOS versions prior to Sonoma 14.7.7 Description: An application may be able to hijack entitlements granted to other privileged applications due to improved data protection. Recommendations: Update to mac...
Important: kernel-livepatch-6.1.140-154.222
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue (CVE-2025-38000). In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content...
PT-2025-31320 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.6 macOS versions prior to 14.7.7 macOS versions prior to 13.7.7 Description: A flaw allows an application to potentially access protected user data due to a downgrade issue. This issue was addressed with additional...
Important: kernel-livepatch-6.1.134-150.224
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue (CVE-2025-38000). In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content...
Important: kernel-livepatch-6.1.134-152.225
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue (CVE-2025-38000). In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content...
SUSE CVE-2025-38460
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd. atmarpd is protected by RTNL since commit f3a0592b37b8 "ATM: clip causes unregister hang". However, it is not enough because to_atmarpd is called without RTNL, especially...
GO-2025-3790 File Browser's password protection of links is bypassable in github.com/filebrowser/filebrowser
File Browser's password protection of links is bypassable in github.com/filebrowser/filebrowser...
CVE-2025-30126
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remote attacker can disable recording, delete recordings, or even disable battery protection to cause a flat battery to essentially disable the car from being...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2024-38822: Fixed Minion token validation (bsc#1244561). CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564). CVE-2024-38824: Fixed directory traversal vulnerability...
A week in security (July 21 – July 27)
A list of topics we covered in the week of July 21 to July 27 of 2025 Last week on Malwarebytes Labs: Steam games abused to deliver malware once again Watch out: Instagram users targeted in novel phishing campaign Age verification: Child protection or privacy risk? iPhone vs. Android: iPhone user...
kernel: net/sched: fix use-after-free in taprio_dev_notifier
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier. Since taprio’s taprio_dev_notifier isn’t protected by an RCU read-side critical section, a race with advance_sched can lead to a use-after-free. Adding rcu_read_lock inside...