PT-2025-28902 · Jenkins · Jenkins Credentials Binding Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 687.v619cb 15e923f and earlier Description: The Jenkins Credentials Binding Plugin does not properly mask credentials present in exception error messages written to the build log. This can lead to t...
A Systematization of Security Vulnerabilities in Computer Use Agents
Computer Use Agents (CUAs), autonomous systems that interact with software interfaces via browsers or virtual machines, are rapidly being deployed in consumer and enterprise environments. These agents introduce novel attack surfaces and trust boundaries that are not captured by traditional threat...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-48927 TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability CVE-2025-48928 TeleMessage TM...
pgjdbc: pgjdbc insecure authentication in channel binding
A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...
DEBIAN-CVE-2025-52999
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
ZKPROV: a Zero-Knowledge Approach to Dataset Provenance for Large Language Models
As the deployment of large language models (LLMs) grows in sensitive domains, ensuring the integrity of their computational provenance becomes a critical challenge, particularly in regulated sectors such as healthcare, where strict requirements are applied in dataset usage. We introduce ZKPROV, a...
iputils security update
20210202-11.0.1.1 - Upstream backport 'ping: Add SA_RESTART to sa_flags' Orabug: 34573399 20210202-11.1 - Fix CVE-2025-47268 iputils: Signed Integer Overflow in Timestamp Multiplication in iputils ping RHEL-94335 20210202-11 - ping: Fix ping6 binding to VRF and address RHEL-57734 20210202-10 -...
Agent Capability Negotiation and Binding Protocol (ACNBP)
As multi-agent systems evolve to encompass increasingly diverse and specialized agents, the challenge of enabling effective collaboration between heterogeneous agents has become paramount, with traditional agent communication protocols often assuming homogeneous environments or predefined...
Narrowing the Gap between TEEs Threat Model and Deployment Strategies
Confidential Virtual Machines (CVMs) provide isolation guarantees for data in use, but their threat model does not include physical level protection and side-channel attacks. Therefore, current deployments rely on trusted cloud providers to host the CVMs' underlying infrastructure. However, TEE...
SUSE CVE-2022-49972
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix corrupted packets for XDP_SHARED_UMEM Fix an issue in XDP_SHARED_UMEM mode together with aligned mode where packets are corrupted for the second and any further sockets bound to the same umem. In other words, this does not...
CVE-2022-50144
In the Linux kernel, the following vulnerability has been resolved: soundwire: revisit driver bind/unbind and callbacks In the SoundWire probe, we store a pointer from the driver ops into the 'slave' structure. This can lead to kernel oopses when unbinding codec drivers, e.g. with the following...
CVE-2022-49972
In CVE-2022-49972, the Linux kernel vulnerability concerns XDP_SHARED_UMEM mode (with aligned mode) where packets become corrupted for the second and subsequent sockets bound to the same umem; the first socket is unaffected. The root cause was that DMA addresses for the pre-populated xsk buffer p...
CVE-2022-49939
In CVE-2022-49939, the vulnerability is in the Linux kernel binder code where a race between closing a node reference and binder_deferred_release can cause a use-after-free: a weak_handle transaction may fail to increment a node’s reference, and if the target process is dying, the cleanup is dela...
PT-2025-25898 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the XDP_SHARED_UMEM mode in the Linux kernel, where packets are corrupted for the second and any further sockets bound to the same umem. This does not affect th...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Check for adev == NULL Not all devices have an ACPI companion fwnode; therefore, adev might be NULL. This can, for example (theoretically), occur when a user manually binds one of the int3472 drivers to anoth...
BIT-POSTGRESQL-JDBC-DRIVER-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...
SUSE CVE-2025-49146
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...
FreeBSD : PostgreSQL JDBC library -- Improper Authentication (2a220a73-4759-11f0-a44a-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a220a73-4759-11f0-a44a-6cc21735f730 advisory. PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite...
Man-In-The-Middle (MITM)
org.postgresql:postgresql is vulnerable to Man-In-The-Middle (MITM). The vulnerability is due to improper enforcement of channel-binding requirements in the driver allowing authentication methods that do not support channel binding (e.g., password, MD5, GSS, SSPI) even when channel binding is set to...
PostgreSQL JDBC library -- Improper Authentication
PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication. Previously, when channel binding was set to "require", the driver would silently ignore...