795 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-22044
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpinfitctl Syzkaller has reported a warning in...
Linux Distros Unpatched Vulnerability : CVE-2025-21890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpfrxrsc idpfrxrsc uses skbtransportoffsetskb while the transpor...
Linux Distros Unpatched Vulnerability : CVE-2025-22115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix block group refcount race in btrfscreatependingblockgroups Block group creation is done in two phases, which results in a slightly unintuitive...
MAL-2025-6343 Malicious code in storybook-core-core-server-presets-0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c26c4c0005ab8afcf7090a2e281324e67b2250f8a69956e559c51775ec00efca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6217 Malicious code in bingo-pretty (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db9cd7f456a7e51d21294046604654fa4f3ec5b9ee11c7acd713ab08ad6838da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in kiwi-module-seo-featured (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c24e834cb597541f0c8dcba8a3ce294a90caaefaec74f82d2e208a5b590581f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5976 Malicious code in white-oganesson (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59cd363bc35266e8da511b349bb11e84db784a1bbd5fe29148aadb24aaeef2f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5937 Malicious code in neolang-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a41d15d10a19dc41dd5c801307932369ed7f51380fcc0fdb1478e0ac2b7ce9e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Google Chrome to Distrust Chunghwa & Netlock Certificates: How Qualys Certificate View Helps You Respond
In a major change to the global certificate ecosystem, Google Chrome has announced that it will no longer trust any new digital certificates issued by Chunghwa Telecom and Netlock, two long-standing Certificate Authorities CAs, after July 31, 2025. This move is part of Chrome’s ongoing efforts to...
Taiwan NSB Alerts Public on Data Risks from Douyin, Weibo, and RedNote Over China Ties
Taiwan's National Security Bureau NSB has warned that China-developed applications like RedNote aka Xiaohongshu, Weibo, Douyin, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China. The alert comes following an inspection of these apps carried ou...
MAL-2025-5148 Malicious code in sentry-docs (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 688bb145ba010593bc53d4870250dfa7bc897a70a613291ed2352ba008314c84 Any computer that has this package installed or running should be considered...
CVE-2025-49585
XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki requires edit right, and that same document is later edited by a user with script,...
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. T...
CVE-2021-24386
The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to...
CVE-2025-46724 Langroid has a Code Injection vulnerability in TableChatAgent
Langroid is a Python framework to build large language model LLM-powered applications. Prior to version 0.53.15, TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes...
Zoom attack tricks victims into allowing remote access to install malware and steal money
Be careful when talking to people you've not met with before over the Zoom video conferencing system; you might get more than you bargained for. Two CEOs were recently targeted by a Zoom-based attack. One spotted it in time - and sadly, one did not. The attack is by a crime group that the Securit...
CVE-2025-31334
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be execut...
WinRAR 安全漏洞
WinRAR is a file compressor from WinRAR. The product supports compression and decompression of files in RAR, ZIP, and other formats, among others. A security vulnerability exists in WinRAR versions prior to 7.11 that stems from a symbolic link bypassing the security warning feature, which could...
PT-2025-14579 · Winrar · Winrar
Name of the Vulnerable Software and Affected Versions: WinRAR versions prior to 7.11 Description: A security issue exists in WinRAR that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file. If a symbolic link specially...
Linux Distros Unpatched Vulnerability : CVE-2025-21634
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cgroup/cpuset: remove kernfs active break A warning was found: WARNING: CPU: 10 PID: 3486953 at fs/kernfs/file.c:828 CPU: 10 PID: 3486953 Comm: rmdir Kdump:...