CVE-2021-4479

Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload th...

PT-2026-43850

In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops e.g. SETATTR can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time limit, cache check wi...

CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

Astra Linux - уязвимость в libstb

stbimage is a single-file library licensed under MIT that processes images. It might seem like stbiloadgifmain does not provide any guarantees regarding the content of the output value delays in case of failure. Although it sets delays to zero at the beginning, it does not do so if the image is n...

CVE-2021-47980 Fuel CMS 1.4.13 Blind SQL Injection via col Parameter

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

CVEs with a CVSS Score Greater Than or Equal to 9

Critical vulnerabilities with Common Vulnerability Scoring System scores of 9.0 or higher pose severe risks to organisations' information systems. Timely detection and remediation are essential to minimise economic and reputational damage from cyberattacks. This paper provides a thorough analysis...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011159)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011159 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: avoid stalls in fqpietimer When setting a high number of flows limit being 6553...

A Novel Quantum Augmented Framework to Improve Microgrid Cybersecurity

Small modular nuclear reactors SMRs are redefining the energy generation landscape by enabling the deployment of modular, scalable, and pre-built power units that can be used to build distributed autonomous microgrids for critical infrastructure and burgeoning AI factories. Often, these microgrid...

[SECURITY] Fedora 43 Update: libcgif-0.5.3-1.fc43

A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...

mansstimap

mansstimap SSTI Manager - Advanced SSTI Detection & Exploita...

When Satellite Data Becomes a Weapon

As war reshapes the Gulf, the satellite infrastructure the world relies on to see conflict clearly is being delayed, spoofed, and privately controlled—and nobody is sure who is responsible...

Event-Driven Vulnerability Exposure Management (VEM): Why you should move beyond Human Triggers

& The traditional approach to vulnerability management has long followed a familiar pattern: security teams log into their vulnerability management platforms, run scans, generate reports, analyze findings, and then prioritize remediation efforts. Rinse and repeat. While this on-demand model has...

Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload

The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecuri...

Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow

Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive a...

Autonomous Endpoint Management Isn’t Just Efficiency, It’s a Security Imperative

Autonomous Endpoint Management cuts exposure time by matching patch speed to attacker breakout timelines, reducing risk, workload delays, and breach costs...

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the j1939sessionactivate function being able to successfully activate devices when they are not...

CVE-2020-37005

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

EUVD-2020-30916

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

PT-2026-5280

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add entry.php endpoint to determine user existence by measuring...

CVE-2025-68934

Discourse has a DoS vulnerability (CVE-2025-68934) in the /drafts.json endpoint. Authenticated users can submit crafted payloads that trigger O(n^2) processing in Base62.decode, tying up workers for 35–60 seconds per request and exhausting the shared worker pool. Affected versions are prior to 3....