
87 matches found

ATTACKERKB
added 2026/03/30 2:07 p.m., 3 views

CVE-2026-28527

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GETPLAYERAPPLICATIONSETTINGATTRIBUTETEXT and GETPLAYERAPPLICATIONSETTINGVALUETEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paire...

CVSS: 3.5, AI score: 5.9, EPSS: 0.00022
Exploits: 0, References: 3
OSV
added 2026/03/01 12:00 a.m., 2 views

ASB-A-483074618

In multiple locations, there is a possible way to access unexpected data due to multiple causes. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 7.1, AI score: 6.1, EPSS: 0.00023
Exploits: 2, References: 2
HackRead
added 2026/02/23 10:50 p.m., 3 views

Data Breaches in 2026: What’s old, what’s new?

Data breaches in 2026 explained, new cyber threats, AI driven attacks, common breach causes, and practical security strategies for individuals and businesses...

AI score: 5.5
Exploits: 0
MSRC
added 2026/02/09 12:00 a.m., 4 views

Fixing the script: Journey to reduce XSS exposure

Cross-site scripting (XSS) remains one of the most frequently reported web vulnerabilities—not because developers are unaware of it, but because many deployed mitigations address symptoms rather than root causes. Across vulnerability reports and incident response investigations, both within Microso...

AI score: 5.5
Exploits: 0
CNNVD
added 2026/01/16 12:00 a.m., 3 views

SmartSoft SmartFTP Client security vulnerabilities

SmartSoft SmartFTP Client is a file transfer software client developed by SmartSoft Corporation. Version 10.0.2909.0 of SmartSoft SmartFTP Client contains security vulnerabilities. These vulnerabilities stem from multiple denial-of-service vulnerabilities, which may lead to the application crashi...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00036
Exploits: 1, References: 4
CNNVD
added 2026/01/15 12:00 a.m., 2 views

Celestial AbsoluteTelnet Buffer Error Vulnerability

Celestial AbsoluteTelnet is a Telnet/SSH terminal client software developed by the American company Celestial. Version 11.24 of Celestial AbsoluteTelnet contains a buffer error vulnerability. This vulnerability stems from manipulating the username and error report fields, which could allow local...

CVSS: 6.7, AI score: 6, EPSS: 0.00013
Exploits: 1, References: 2
RedhatCVE
added 2026/01/09 12:40 p.m., 6 views

CVE-2023-43502

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00043
Exploits: 0, References: 1
Packet Storm News
added 2025/11/12 12:00 a.m., 4 views

SecTracer: A Framework for Uncovering the Root Causes of Network Intrusions Via Security Provenance

Modern enterprise networks comprise diverse and heterogeneous systems that support a wide range of services, making it challenging for administrators to track and analyze sophisticated attacks such as advanced persistent threats (APTs), which often exploit multiple vectors. To address this challeng...

AI score: 6.8
Exploits: 0
NVD
added 2025/10/21 8:20 p.m., 3 views

CVE-2025-53068

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the...

CVSS: 6.5, EPSS: 0.00025
Exploits: 0, References: 1
CNNVD
added 2025/10/13 12:00 a.m., 2 views

Mattermost Desktop App Security Vulnerability

Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App version 5.13.0 and earlier, which originates from an unauthenticated external URL and could allow an attacker to crash the application by sending a specially...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00059
Exploits: 0, References: 2
Filippo.io
added 2025/10/10 2:33 p.m., 5 views

A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises

Lack of memory safety is such a predominant cause of security issues that we have a responsibility as professional software engineers to robustly mitigate it in security-sensitive use cases—by using memory safe languages. Similarly, I have the growing impression that software supply chain...

AI score: 6.3
Exploits: 0
Packet Storm News
added 2025/10/09 12:00 a.m., 4 views

An AUTOSAR-Aligned Architectural Study of Vulnerabilities in Automotive SoC Software

Cooperative, Connected and Automated Mobility (CCAM) are complex cyber-physical systems (CPS) that integrate computation, communication, and control in safety-critical environments. At their core, System-on-Chip (SoC) platforms consolidate processing units, communication interfaces, AI accelerators, an...

AI score: 6.9
Exploits: 0
Positive Technologies
added 2025/10/07 12:00 a.m., 2 views

PT-2025-46739

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's crypto/skcipher implementation related to the handling of request sizes. A change introduced by commit afddce13ce81d added the cra_reqsize field in th...

CVSS: 4.6, AI score: 5.5, EPSS: 0.03752
Exploits: 3, References: 389
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-3290

Malicious code in bioql PyPI...

CVSS: 7.1, AI score: 8.7, EPSS: 0.00131
Exploits: 0, References: 1
Packet Storm News
added 2025/09/22 12:00 a.m., 2 views

Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities

Given their vital importance for governments and enterprises around the world, we need to trust public clouds to provide strong security guarantees even in the face of advanced attacks and hardware vulnerabilities. While transient execution vulnerabilities, such as Spectre, have been in the...

AI score: 7.3
Exploits: 0
Tenable Nessus
added 2025/07/21 12:00 a.m., 3 views

SMB Kerberos Not Working

The scan was configured to use Kerberos for Windows authentication, but Kerberos failed at least once for this host. There are many causes for Kerberos failure in a Windows environment. They include: Lack of time synchronization between the DC, scanner and target. DC or targets were not specified...

AI score: 5.5
Exploits: 0, References: 1
BDU FSTEC
added 2025/07/03 12:00 a.m., 2 views

The vulnerability of the ufs-qcom.c component in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the ufs-qcom.c component in the Linux operating system is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a system failure...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00029
Exploits: 0, References: 8, Affected Software: 3
Packet Storm News
added 2025/06/21 12:00 a.m., 2 views

Characterising Bugs in Jupyter Platform

As a representative literate programming platform, Jupyter is widely adopted by developers, data analysts, and researchers for replication, data sharing, documentation, interactive data visualization, and more. Understanding the bugs in the Jupyter platform is essential for ensuring its...

AI score: 7.3
Exploits: 0
OSV
added 2025/06/18 11:15 a.m., 1 views

DEBIAN-CVE-2022-50132

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable(). If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer and its dereference with priv_ep->cdns3_dev may cause panic. Found by Linux...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00063
Exploits: 0, References: 1
CNNVD
added 2025/06/10 12:00 a.m., 3 views

Adobe InDesign Desktop Buffer Error Vulnerability

Adobe InDesign is a set of layout and editing applications from the American company Adobe. Adobe InDesign suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...

CVSS: 7.8, AI score: 7.9, EPSS: 0.00115
Exploits: 0, References: 2