TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. "Upon...
PT-2026-25587
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function FMT rebuild...
ASUS Live Update < 3.6.8 Embedded Malicious Code (CVE-2025-59374)
The version of ASUS Live Update installed on the remote host is prior to 3.6.8 and, therefore, affected by an embedded malicious code vulnerability. - Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The...
CVE-2017-18847
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.1001.0.82, R8500 before 1.0.2.1001.0.82, and D8500 before 1.0.3.29...
PT-2025-53025
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s dmaengine subsystem, specifically within the qcom-adm module, related to an incorrect calling convention for the prep slave sg function. The prep slav...
PT-2025-46470
Name of the Vulnerable Software and Affected Versions: Multimedia Class Scheduler Service (MMCSS) (affected versions not specified). Description: A use after free condition exists in the Multimedia Class Scheduler Service (MMCSS). This allows a locally authorized attacker to elevate privileges...
PT-2025-41346
Name of the Vulnerable Software and Affected Versions: versions prior to 2025 (affected versions not specified). Description: A memory corruption issue exists when processing escape commands originating from userspace. This can potentially lead to system instability or compromise. Approximately 2000...
EUVD-2024-28122
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-4162
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes...
Linux Distros Unpatched Vulnerability : CVE-2017-7048
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected...
About the security content of iOS 18.6.2 and iPadOS 18.6.2
This document describes the security content of iOS 18.6.2 and iPadOS 18.6.2. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
CVE-2024-41797
A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V3.1, SCALANCE XC316-8 6GK5324-8TS00-2AC2 All versions V3.1, SCALANCE XC324-4 6GK5328-4TS00-2AC2 All versions V3.1, SCALANCE XC324-4 EEC 6GK5328-4TS00-2EC2 All versions V3.1, SCALANCE XC332 6GK5332-0GA00-2AC2 All...
CVE-2021-45539
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.28, RAX80 before 1.0.3.106, MS60 before...
About Remote Code Execution – Erlang/OTP (CVE-2025-32433) vulnerability
Erlang is a programming language used to build massively scalable soft real-time systems with requirements for high availability. It is used in telecom, banking, e-commerce, telephony, and messaging. OTP is a set of Erlang libraries...
CVE-2024-53648
A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions V9.90, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions V9.90, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions V9.90, SIPROTEC 5 6MD89 CP300 All versions V9.90, SIPROTEC 5...
SAMSUNG Mobile Processor Multiple Products Security Vulnerability
SAMSUNG Mobile Processor is a family of mobile processors from Samsung South Korea. A security vulnerability exists in various SAMSUNG Mobile Processor products, which stems from a lack of input validation checking for a length from user space in the function slsirxscanind, which could lead to an...
PT-2024-5635 · Nginx · Nginx Plus
Name of the Vulnerable Software and Affected Versions: NGINX Plus (affected versions not specified). Description: The issue is related to a memory exhaustion vulnerability in the NGINX Plus MQTT pre-read module. It can be exploited by undisclosed requests, leading to an increase in memory resource...
PT-2024-15381 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.3 through 16.7.6; GitLab versions 16.7.6 through 16.8.3; GitLab versions 16.8.3 through 16.9.1. Description: An authorization bypass vulnerability was discovered in GitLab, allowing an attacker to bypass CODEOWNERS by utilizin...
CVE-2023-22817
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...
PT-2023-8145
Name of the Vulnerable Software and Affected Versions: Barracuda ESG Appliance versions 5.1.3.001 through 9.2.1.001. Description: The issue is related to a case of arbitrary code execution that resides within a third-party and open-source library named Spreadsheet::ParseExcel, used by the Amavis...