62 matches found

Wired Threat Level
added 2026/05/04 2:45 p.m. | 3 views

DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts

Using a 1930s trade law, Homeland Security targeted the man—who hasn’t entered the US in more than a decade—following posts on X condemning the killings of Renee Good and Alex Pretti...

5.8 AI score
Exploits: 0
NVD
added 2026/04/30 7:16 p.m. | 0 views

CVE-2026-40904

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1 CVSS | 0.00036 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/04/30 12:00 a.m. | 3 views

chartbrew access control error vulnerability

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains an access control vulnerability. This vulnerability arises from the fact that multiple dataset and data request endpoints are authorized only to project members wi...

8.1 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 1
NVD
added 2026/01/30 4:16 p.m. | 3 views

CVE-2025-7964

After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin. A manual...

9.2 CVSS | 0.00082 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/01/30 3:02 p.m. | 2 views

EUVD-2025-206576

After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin. A manual...

9.2 CVSS | 5.9 AI score | 0.00082 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/30 3:02 p.m. | 2 views

CVE-2025-7964

After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin. A manual...

9.2 CVSS | 5.9 AI score | 0.00082 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/01/30 3:02 p.m. | 23 views

CVE-2025-7964 Zigbee Router Denial of Service

After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin. A manual...

9.2 CVSS | 0.00082 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/30 12:00 a.m. | 2 views

PT-2026-5406

Name of the Vulnerable Software and Affected Versions: Zigbee (affected versions not specified). Description: A malformed 802.15.4 MAC Data Request can cause a Zigbee Coordinator to send a ‘network leave’ request to a Zigbee router. This results in the Zigbee Router becoming stuck in a state where it...

9.2 CVSS | 5.3 AI score | 0.00082 EPSS
Exploits: 0 | References: 6
Schneier on Security
added 2026/01/27 12:01 p.m. | 3 views

The Constitutionality of Geofence Warrants

The US Supreme Court is considering the constitutionality of geofence warrants. The case centers on the trial of Okello Chatrie, a Virginia man who pleaded guilty to a 2019 robbery outside of Richmond and was sentenced to almost 12 years in prison for stealing $195,000 at gunpoint. Police probing...

5.8 AI score
Exploits: 0
Tenable Nessus
added 2025/12/18 12:00 a.m. | 0 views

Mozilla Thunderbird < 17.0.7

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 17.0.7. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-54 advisory. - Do not send data XHR HEAD request (CVE-2013-1692) Note that Nessus has not tested for this issue but...

4.3 CVSS | 8.3 AI score | 0.01015 EPSS
Exploits: 0 | References: 2
CVE
added 2025/12/11 7:35 p.m. | 4 views

CVE-2025-36924

CVE-2025-36924 describes an out-of-bounds write in ss_DecodeLcsAssistDataReqMsg() within ss_LcsManagement.c due to an incorrect bounds check. The impact is remote escalation of privilege with no additional execution privileges needed and no user interaction required. Connected sources include And...

8 CVSS | 7 AI score | 0.00011 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2025/12/01 12:00 a.m. | 2 views

PUB-A-422442679

In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8 CVSS | 7.3 AI score | 0.00011 EPSS
Exploits: 1 | References: 1
GithubExploit
added 2025/11/26 1:59 a.m. | 154 views

Exploit for Race Condition in Vercel Next.Js

CVE-2025-32421---Race-Condition-Vulnerability---Next.js PoC La...

3.7 CVSS | 7 AI score | 0.00752 EPSS
Exploits: 2
Vulnrichment
added 2025/10/27 12:47 p.m. | 2 views

CVE-2025-41068 Reachable Assertion vulnerability in Open5GS

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the...

8.7 CVSS | 6.3 AI score | 0.00042 EPSS
Exploits: 1 | References: 2
Malwarebytes
added 2025/10/20 2:26 p.m. | 4 views

What does Google know about me? (Lock and Code S06E21)

This week on the Lock and Code podcast … Google is everywhere in our lives. Its reach into our data extends just as far. After investigating how much data Facebook had collected about him in his nearly 20 years with the platform, Lock and Code host David Ruiz had similar questions about the othe...

6.9 AI score
Exploits: 0
NVD
added 2025/10/06 7:15 a.m. | 6 views

CVE-2025-58579

Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable to user enumeration...

5.3 CVSS | 0.00131 EPSS
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:07 p.m. | 1 views

EUVD-2024-22199

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00071 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2025/08/06 8:01 a.m. | 2 views

kernel: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() It is possible that typec_register_partner() returns ERR_PTR on failure. When port->partner is an error, a NULL pointer dereference may occur as shown below. 91222.095236 T31...

5.5 CVSS | 6.4 AI score | 0.00016 EPSS
Exploits: 0 | References: 5
Github Security Blog
added 2025/06/20 1:28 p.m. | 7 views

sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+

Impact: Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any sentry-android with versions = 1.8.0-alpha08 - This includes any alpha, beta, release candidate, or general...

6.5 AI score
Exploits: 0 | References: 6 | Affected Software: 2
RedhatCVE
added 2025/06/12 4:10 p.m. | 3 views

CVE-2025-48879

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

6.5 CVSS | 6.3 AI score | 0.00045 EPSS
Exploits: 0 | References: 1