
8216 matches found

The Hacker News
added 2025/09/05 6:13 a.m., 8 views

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded...

AI score 7
Exploits 0
RedhatCVE
added 2025/09/05 12:34 a.m., 8 views

CVE-2025-55944

Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects both authenticated and unauthenticated users...

CVSS 6.1, AI score 5.8, EPSS 0.00251
Exploits 1, References 1
SUSE CVE
added 2025/09/04 11:24 p.m., 4 views

SUSE CVE-2025-38689

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512_status(). Problem: With CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status causes a warning and a NULL pointer dereference. This is because the AVX-512 timestamp code uses...

CVSS 5.5, AI score 6.5, EPSS 0.00128
Exploits 0, References 3
OSV
added 2025/09/04 7:43 p.m., 3 views

CVE-2025-58361 Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...

CVSS 9.3, AI score 7.1
Exploits 0, References 1
Vulnrichment
added 2025/09/04 7:43 p.m., 2 views

CVE-2025-58361 Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...

CVSS 9.3, AI score 6.6, EPSS 0.00264
Exploits 0, References 1
Cvelist
added 2025/09/04 3:32 p.m., 7 views

CVE-2025-38689 x86/fpu: Fix NULL dereference in avx512_status()

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512_status(). Problem: With CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status causes a warning and a NULL pointer dereference. This is because the AVX-512 timestamp code uses...

EPSS 0.00128
Exploits 0, References 2
OSV
added 2025/09/04 3:32 p.m., 4 views

CVE-2025-38689 x86/fpu: Fix NULL dereference in avx512_status()

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512_status(). Problem: With CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status causes a warning and a NULL pointer dereference. This is because the AVX-512 timestamp code uses...

CVSS 5.5, AI score 6.3, EPSS 0.00128
Exploits 0, References 5
Microsoft CVE
added 2025/09/04 6:37 a.m., 2 views

libp2p nodes vulnerable to attack using large RSA keys

...

CVSS 7.5, AI score 7, EPSS 0.01084
Exploits 1
Microsoft CVE
added 2025/09/04 2:53 a.m., 4 views

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.

...

CVSS 7.5, AI score 6.6, EPSS 0.0117
Exploits 2
Microsoft CVE
added 2025/09/04 2:46 a.m., 3 views

net: hns3: don't auto enable misc vector

...

CVSS 4.7, AI score 7, EPSS 0.00129
Exploits 0
Microsoft CVE
added 2025/09/04 12:44 a.m., 2 views

mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector

...

CVSS 5.5, AI score 7, EPSS 0.00205
Exploits 0
RedhatCVE
added 2025/09/04 12:28 a.m., 5 views

CVE-2025-57615

An issue was discovered in rust-ffmpeg 0.3.0 after commit 5ac0527. An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize parameter to c_int,...

CVSS 7.5, AI score 7.1, EPSS 0.00337
Exploits 1, References 1
OpenVAS
added 2025/09/04 12:00 a.m., 4 views

Ubuntu: Security Advisory (USN-7732-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.9, AI score 5.8, EPSS 0.0025
Exploits 0, References 2
CNNVD
added 2025/09/04 12:00 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the AVX-512 state function not checking for NULL pointers...

CVSS 5.5, AI score 6.2, EPSS 0.00128
Exploits 0, References 3
CNNVD
added 2025/09/04 12:00 a.m., 3 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by a logic error in the VerifyNoToverlapInSessions function in apexd.cpp that results in the blocking of security updates via mainline installation...

CVSS 8.4, AI score 6.9, EPSS 0.00184
Exploits 4, References 6
Microsoft CVE
added 2025/09/03 10:12 p.m., 4 views

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

...

CVSS 8.8, AI score 7, EPSS 0.00521
Exploits 0
Microsoft CVE
added 2025/09/03 9:19 p.m., 3 views

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags; the keyword argument strip_comments=False. Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

...

CVSS 6.1, AI score 7, EPSS 0.00483
Exploits 1
NVD
added 2025/09/03 4:15 p.m., 4 views

CVE-2025-55944

Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects both authenticated and unauthenticated users...

CVSS 6.1, EPSS 0.00251
Exploits 1, References 2
CVE
added 2025/09/03 12:00 a.m., 14 views

CVE-2025-55944

CVE-2025-55944 concerns Slink v1.4.9, where stored XSS can be triggered by crafted SVG uploads. The vulnerability arises when a user views the shared image in a new tab, allowing embedded JavaScript to execute for both authenticated and unauthenticated users. Technical specifics across connected ...

CVSS 6.1, AI score 5.3, EPSS 0.00251
Exploits 1, References 2, Affected Software 1
CNNVD
added 2025/09/03 12:00 a.m., 1 view

Slink security vulnerability

Slink is a self-hosted image sharing service by the individual developer Andrii Kryvoviaz. A security vulnerability exists in Slink v1.4.9, which stems from the vulnerability of specially crafted SVG uploads to stored cross-site scripting attacks...

CVSS 6.1, AI score 5.8, EPSS 0.00251
Exploits 1, References 3