Astra Linux - уязвимость в firefox

There was a potential “use-after-free” vulnerability in SVG images if the Refresh Driver was destroyed at an inappropriate time. This could lead to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering that it had inadvertentl...

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

EUVD-2026-28908

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

CVE-2026-4313

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

EUVD-2026-25414

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

PT-2026-34874

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

About the Remote Code Execution Vulnerability - n8n (CVE-2025-68613)

About Remote Code Execution Vulnerability - n8n CVE-2025-68613. n8n is a workflow automation platform available under a fair-code license. Improper Control of Dynamically-Managed Code Resources CWE-913 in the n8n workflow expression evaluation system allows a remote authenticated attacker without...

PayPal February 2026 Notice of Data Breach

PayPal has released this notice of data breach to its customers following a data exposure issue that spanned from July 1, 2025 to December 13, 2025...

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need...

CVE-2025-67475

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6,...

CVE-2025-67481

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...

CVE-2025-67477

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from before...

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant CHP supplying heat to almost half a million customers in...

Russia-Aligned ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM. Operational technology OT cybersecurity company Dragos, in a new intelligence brief published Tuesday,...

Azure File Sync Agent v22.0 Release – December 2025 (KB5056967)

Update Rollup for Azure File Sync agent version 22.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v22.0 Release – December 2025 (KB5056967)

Update Rollup for Azure File Sync agent version 22.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v22.0 Release – December 2025 (KB5056967)

Update Rollup for Azure File Sync agent version 22.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

Security Bulletin: Enterprise Content Managemant System Monitor for December 2025 - multiple CVEs

Summary Enterprise Content Management System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the "largest cyber attack" targeting Poland's power system in the last week of December 2025. The attack was unsuccessful, the country's energy minister, Milosz Motyka, said last week. "The...