2557 matches found

Veracode
added 2025/10/24 4:27 a.m. | 5 views

Regular Expression Denial Of Service (ReDoS)

transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing in the remove_language_code method of the MarianTokenizer, which allows an attacker to exploit crafted input strings with malformed language code patterns ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00032
Exploits 1 | References 5 | Affected Software 1
SUSE CVE
added 2025/10/23 11:22 p.m. | 1 view

SUSE CVE-2025-62513

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI, resulting in...

CVSS 7.5 | AI score 6.8 | EPSS 0.00047
Exploits 0 | References 3
Ubuntu
added 2025/10/23 4:39 p.m. | 4 views

USN-7838-1: fetchmail vulnerability

It was discovered that the fetchmail SMTP client incorrectly handled certain status code messages. An attacker controlling a malicious server could possibly use this issue to cause fetchmail to crash, resulting in a denial of service...

CVSS 5.9 | AI score 5.5 | EPSS 0.00067
Exploits 0
OSV
added 2025/10/23 4:39 p.m. | 2 views

USN-7838-1 fetchmail vulnerability

It was discovered that the fetchmail SMTP client incorrectly handled certain status code messages. An attacker controlling a malicious server could possibly use this issue to cause fetchmail to crash, resulting in a denial of service...

CVSS 5.9 | AI score 5.9 | EPSS 0.00067
Exploits 0 | References 2
NVD
added 2025/10/22 8:15 p.m. | 4 views

CVE-2025-62513

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI, resulting in...

CVSS 7.5 | EPSS 0.00047
Exploits 0 | References 2
Snyk
added 2025/10/22 7:37 p.m. | 4 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the audit logging process. An attacker can obtain sensitive information by accessing improperly redacted HTTP request bodies recorded in audit logs. This may expose short-lived...

CVSS 7.5 | AI score 6.5 | EPSS 0.00047
Exploits 0 | References 2
Github Security Blog
added 2025/10/22 7:37 p.m. | 9 views

OpenBao leaks HTTPRawBody in Audit Logs

Impact: OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacted the following subsystems: - When using the ACME functionality of PKI, this would result in short-lived ACME verification challenge codes being leaked...

CVSS 7.5 | AI score 6.8 | EPSS 0.00047
Exploits 0 | References 4 | Affected Software 1
AlpineLinux
added 2025/10/22 7:18 p.m. | 5 views

CVE-2025-62513

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI, resulting in...

CVSS 7.5 | AI score 6.8 | EPSS 0.00047
Exploits 0
EUVD
added 2025/10/22 7:18 p.m. | 5 views

EUVD-2025-35626

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI, resulting in...

CVSS 5.7 | AI score 6.2 | EPSS 0.00047
Exploits 0 | References 3
Vulnrichment
added 2025/10/22 7:18 p.m. | 3 views

CVE-2025-62513 OpenBao leaks HTTPRawBody in Audit Logs

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI, resulting in...

CVSS 5.7 | AI score 6.4 | EPSS 0.00047
Exploits 0 | References 2
Veracode
added 2025/10/22 4:54 a.m. | 5 views

Information Disclosure

Liferay Portal is vulnerable to Information Disclosure. The vulnerability is due to improper handling of object entry enumeration responses, which allows an attacker to determine the existence of specific External Reference Codes (ERC) in the application by exploiting response time differences...

CVSS 6.9 | AI score 6.9 | EPSS 0.00062
Exploits 0 | References 7 | Affected Software 4
CNNVD
added 2025/10/22 12:00 a.m. | 2 views

OpenBao Log Information Disclosure Vulnerability

OpenBao is open source sensitive data management software. A log information disclosure vulnerability exists in OpenBao versions 2.2.0 through 2.4.1, which stems from audit logs that do not properly redact the original HTTP body, which could lead to the disclosure of ACME authentication...

CVSS 7.5 | AI score 6 | EPSS 0.00047
Exploits 0 | References 3
Securelist
added 2025/10/21 10:00 a.m. | 2 views

The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques

Introduction: Cyberthreats are constantly evolving, and email phishing is no exception. Threat actors keep coming up with new methods to bypass security filters and circumvent user vigilance. At the same time, established – and even long-forgotten – tactics have not gone anywhere; in fact, some ar...

AI score 6.9
Exploits 0
Tenable Nessus
added 2025/10/21 12:00 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987639)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987639 advisory. In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort() calls. sk->sk_err appears to expect a positive value, a...

CVSS 7.8 | AI score 5.9 | EPSS 0.00032
Exploits 0 | References 4
NVD
added 2025/10/18 8:15 a.m. | 1 view

CVE-2025-10750

The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the moepbradminobserver function hooked ...

CVSS 5.3 | EPSS 0.00127
Exploits 0 | References 5
CVE
added 2025/10/18 7:26 a.m. | 18 views

CVE-2025-10750

The CVE CVE-2025-10750 concerns the WordPress PowerBI Embed Reports plugin (

CVSS 5.3 | AI score 5 | EPSS 0.00127
Exploits 0 | References 5
RedhatCVE
added 2025/10/15 1:45 p.m. | 2 views

CVE-2025-41704

An unauthenticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality...

CVSS 5.3 | AI score 7.2 | EPSS 0.00153
Exploits 0 | References 1
Malwarebytes
added 2025/10/14 12:21 p.m. | 9 views

Pixel-stealing “Pixnapping” attack targets Android devices

Researchers at US universities have demonstrated how a malicious Android app can trick the system into leaking pixel data. That may sound harmless, but imagine if a malicious app on your Android device could glimpse tiny bits of information on your screen—even the parts you thought were secure,...

CVSS 5.5 | AI score 6.2 | EPSS 0.00009
Exploits 0
The Hacker News
added 2025/10/14 11:18 a.m. | 7 views

New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions

Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users' knowledge pixel-by-pixel. The attack has been codenamed...

CVSS 5.5 | AI score 6.9 | EPSS 0.00009
Exploits 0
Patchstack
added 2025/10/10 11:37 p.m. | 4 views

WordPress CM Registration – Tailored tool for seamless login and invitation-based registrations plugin <= 2.5.6 - Open Redirect vulnerability

Open Redirect vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin CM Registration and Invitation Codes versions <= 2.5.6...

CVSS 4.7 | AI score 6.7 | EPSS 0.0005
Exploits 0 | References 1 | Affected Software 1