RHSA-2025:11339 Red Hat Security Advisory: cloud-init security update
RHSA-2025:11327 Red Hat Security Advisory: glib2 security update
CVE-2025-4302 Stop User Enumeration < 1.7.3 - Protection Bypass
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
CVE-2025-4302
The CVE-2025-4302 issue affects the Stop User Enumeration WordPress plugin prior to version 1.7.3, where an authentication bypass is possible by URL-encoding the REST API path /wp-json/wp/v2/users/. This bypass defeats the plugin’s user-enumeration protections, and may facilitate brute-force atte...
IDFace: Face Template Protection for Efficient and Secure Identification
As face recognition systems (FRS) become more widely used, user privacy becomes more important. A key privacy issue in FRS is protecting the user's face template, as the characteristics of the user's face image can be recovered from the template. Although recent advances in cryptographic tools such...
Lenovo Protection Driver Security Vulnerability
Lenovo Protection Driver is a hard disk protection system from Lenovo China. A security vulnerability exists in Lenovo Protection Driver prior to version 5.1.1110.4231, which stems from a buffer overflow vulnerability that could lead to the execution of arbitrary code by a local privileged user...
PT-2025-29959 · Lenovo · Lenovo Browser +3
Name of the Vulnerable Software and Affected Versions: Lenovo Protection Driver versions prior to 5.1.1110.4231 Description: A buffer overflow issue exists in the Lenovo Protection Driver, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store. A local attacker with elevated privileges c...
The vulnerability of the Golang programming language, related to insufficient protection of sensitive data, allows attackers to gain access to potentially confidential information.
The vulnerability of the Golang programming language is related to the insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to potentially confidential information...
DSA-5963-1 chromium - security update
How Secure Is Online Fax: Privacy and Data Protection Standards
When it comes to sharing sensitive documents online, security sits at the top of everyone’s checklist. Online faxing is…...
Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
Since 2022, the number of human-operated ransomware-linked encounters by organizations surged by 2.75x. Yet, Microsoft Defender for Endpoint has outpaced this rise, reducing the number of successful attacks by 3x, proving its power to turn the tide against evolving cyberthreats. Defender for...
CVE-2024-9342
In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in...
The vulnerability of the Windows SmartScreen security function in Microsoft Windows operating systems allows a hacker to circumvent existing security restrictions.
The vulnerability of the Windows SmartScreen security function in Microsoft Windows systems relates to a breach of data protection mechanisms. Exploiting this vulnerability can allow an attacker, operating remotely, to circumvent existing security restrictions...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Thunderbird email client, related to insufficient protection of administrative data, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Thunderbird email client is related to insufficient protection for administrative data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Python Requests HTTP request library allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Python Requests HTTP request library is related to insufficient protection of registration data. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information from a remote location...
SUSE: Security Advisory (SUSE-SU-2025:02308-1)
The remote host is missing an update for the...
kernel: ipv6: mcast: extend RCU protection in igmp6_send()
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send(). igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...
CVE-2025-50106
...
CVE-2025-50083
...