CVE-2025-61640
CVE-2025-61640 is a Cross-Site Scripting vulnerability in Wikimedia Foundation MediaWiki related to the file resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js. It affects MediaWiki versions prior to 1.39.14, 1.43.4, and 1.44.1. The description in connected sources confirms an input handli...
CVE-2025-61640 Stored XSS through system messages in Special:RecentChangesLinked (MW Core)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js. This issue affects MediaWiki: from before...
CVE-2025-61643
CVE-2025-61643 affects Wikimedia Foundation MediaWiki before versions 1.39.14, 1.43.4, and 1.44.1, with the issue tied to program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. Debian advisories list broader issues in MediaWiki and provide fixes: bookworm in 1.39.17-1~deb12u1 and tr...
CVE-2025-61643 EventStreams publishes suppressed recent change entries that are suppressed from their creation
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2022-50980 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via CAN
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
CVE-2022-50979 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via Modbus (RS485)
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus RS485...
CVE-2022-50979
CVE-2022-50979 affects Innomic VibroLine VLX and avibia AVLX devices. An unauthenticated adjacent attacker can disrupt operations by switching between multiple configuration presets via Modbus (RS485). The impact is focused on availability (disruption of operations) with no confidentiality/integr...
CVE-2022-50978 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via Modbus (TCP)
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus TCP...
OPENSUSE-SU-2026:20148-1 Security update for dpdk
This update for dpdk fixes the following issues: Update to version 24.11.4. Security issues fixed: - CVE-2025-23259: issue in the Poll Mode Driver (PMD) allows an attacker on a VM in the system to leak information and cause a denial of service on the network interface (bsc#1254161). Other issues fixed...
A week in security (January 26 – February 1)
Last week on Malwarebytes Labs: Match, Hinge, OkCupid, and Panera Bread breached by ransomware group; TikTok’s privacy update mentions immigration status. Here’s why.; Meta confirms it’s working on premium subscription for its apps; Microsoft Office zero-day lets malicious documents slip past securi...
CVE-2026-22888
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product...
CVE-2026-22888
Cybozu Garoon 5.0.0–6.0.3 has an improper input verification vulnerability that could allow unauthorized alteration of portal settings and potentially block access to the product. Affected component/behavior is portal settings verification; no exploitation details or remediation/fix are provided ...
EUVD-2026-5121
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product...
PT-2026-5617
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product...
QuietPrint: Protecting 3D Printers against Acoustic Side-Channel Attacks
The 3D printing market has experienced significant growth in recent years, with an estimated revenue of 15 billion USD for 2025. Cyber-attacks targeting the 3D printing process, whether through the machine itself, the supply chain, or the fabricated components, are becoming increasingly common. One...
Cybozu Garoon security vulnerability
Cybozu Garoon is a portal-based OA office system developed by Cybozu Corporation. This system provides functions such as portals, email, bookmarks, calendar management, bulletin boards, and file management. Versions of Cybozu Garoon from 5.0.0 to 6.0.3 have security vulnerabilities. These...
CVE-2026-24742
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
CVE-2026-1380
The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...
openssl security update
3.5.1-7.0.1fips - Update additional upstream references - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35824276 - Update FIPS module name Orabug: 35824276 3.5.1-7.0.1 - Enable openssl-fips-provider dependency Orabug: 36504822 - Temporary disable...