Linux Distros Unpatched Vulnerability : CVE-2023-38432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size...

📄 Malicious XDG Desktop File

This Metasploit module creates a malicious XDG Desktop .desktop file. On most modern systems, desktop files are not trusted by default. The user will receive a warning prompt that the file is not trusted when running the file, but may choose to run the file anyway. The default file manager...

CVE-2025-54590

CVE-2025-54590 affects webfinger.js (TypeScript WebFinger client). In versions 2.8.0 and earlier, the lookup function did not block localhost access (only basic localhost checks), enabling blind SSRF via crafted host/port/path in user addresses. Affected environments include browser and Node.js. ...

CVE-2025-54590 webfinger.js is vulnerable to Blind SSRF attacks through localhost

webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. In versions 2.8.0 and below, the lookup function accepts user addresses for account checking. However, the ActivityPub specification requires preventing access to localhost services in...

eSIM Vulnerability in eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks

Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks. The issues impact the Kigen eUICC card. According to the Irish company's website, more than two billion SIMs in IoT devices...

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL

...

Can Large Language Models Automate the Refinement of Cellular Network Specifications?

Cellular networks serve billions of users globally, yet concerns about reliability and security persist due to weaknesses in 3GPP standards. However, traditional analysis methods, including manual inspection and automated tools, struggle with increasingly expanding cellular network specifications...

OESA-2025-1737 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Sudo before 1.9.17p1, when used with a sudoers file that...

CVE-2025-38103

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhidparse Update struct hiddescriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently...

CVE-2025-53359 ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions

ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability according to EIP-2 was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is...

Global Microprocessor Correctness in the Presence of Transient Execution

Correctness for microprocessors is generally understood to be conformance with the associated instruction set architecture ISA. This is the basis for one of the most important abstractions in computer science, allowing hardware designers to develop highly-optimized processors that are functionall...

gimp:2.8 security update

gimp 2:2.8.22-26.2 - fix CVE-2025-5473 RHEL-95696 2:2.8.22-26.1 - fix CVE-2025-48797 RHEL-93503 - fix CVE-2025-48798 RHEL-93506 pygobject2 2.28.7-5 - bump spec to fix NVR pygtk2 2.24.0-25 - Fix shebang mangling for prefix=app 1907579 - disable numpy for flatpak 1907579 python2-pycairo 1.16.3-7 -...

TencentOS Server 3: rust-toolset:rhel8 (TSSA-2022:0116)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0116 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Moderate: Red Hat Security Advisory: containernetworking-plugins security update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

CVE-2025-48946

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implici...

CVE-2025-48946 liboqs affected by theoretical design flaw in HQC

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implici...

Authentication and Authorization in Data Spaces: a Relationship-Based Access Control Approach for Policy Specification Based on ODRL

Data has become a crucial resource in the digital economy, fostering initiatives for secure and sovereign data sharing frameworks such as Data Spaces. However, these distributed environments require fine-grained access control mechanisms that balance openness with sovereignty and security. This...

CVE-2024-23752

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

CVE-2023-26449

The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker...

CVE-2023-44216

PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...