31 matches found
EUVD-2025-19895
Malicious code in bioql PyPI...
US Government Seeks Medical Records of Trans Youth
Plus: Google wants billions of Chrome users to install an emergency fix, Kristi Noem is on the move, and North Korean IT workers are everywhere...
CVE-2025-49846
wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself were not affected,...
CVE-2025-49846 wire-ios accidentally logs message contents
wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself were not affected,...
CVE-2025-49846
Summary: CVE-2025-49846 affects the Wire iOS client. For Wire iOS versions 3.111.1–3.124.1, messages visible in the viewport were logged in clear text to the iOS system logs due to canOpenUrl() being called with an invalid URL, with access requiring physical possession of an unlocked device. The...
Emergency Fix Issued for 10/10 Severity Vulnerability in LoadMaster Products
Progress Software has released an emergency patch for a critical 10/10 severity vulnerability CVE-2024-7591 in its LoadMaster products,…...
CISA Urges Sites to Patch Critical RCE in Discourse
Discourse – the ultra-popular, widely deployed open-source community forum and mailing list management platform – has a critical remote code-execution (RCE) bug that was fixed in an urgent update on Friday. Tracked as CVE-2021-41163, the flaw is found in Discourse versions 2.7.8 and earlier. It’s...
Another day, another zero-day for Google Chrome
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Google has published an emergency fix 94.0.4606.71 to address the latest zero-day vulnerabilities CVE-2021-37975, CVE-2021-37976. These are the fourth and fifth zero days of the month. These flaws have been exploited in the...
Security Bulletin: Open Source GNU glibc Vulnerabilities which is used by IBM OS Images for RedHat Linux in IBM PureApplication Systems (CVE-2017-1000366)
Summary There are vulnerabilities in the Open Source GNU glibc that is used by the OS Images for IBM PureApplication Software Suite, IBM Bluemix Local System and IBM PureApplication System/Software Vulnerability Details CVEID: CVE-2017-1000366 DESCRIPTION: Glibc could allow a local attacker to...
Security Bulletin: A vulnerability in IBM® Java™ SDK affects IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments. (CVE-2016-3485)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition that is used by IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments. This issue was disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details CVEID: CVE-2016-3485 DESCRIPTIO...
Security Bulletin: Vulnerability in Open Source GNU glibc affects IBM OS Images for Red Hat Linux Systems. (CVE-2015-5277)
Summary A vulnerability in Open Source GNU glibc affects IBM OS Images for Red Hat Linux Systems. Vulnerability Details CVEID: CVE-2015-5277 DESCRIPTION: GNU C Library glibc could allow a local attacker to gain elevated privileges on the system, caused by a heap corruption error in the nssfiles...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows-based deployments. (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows-based deployments. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems and AIX (CVE-2015-0410 and CVE-2014-6593)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition Version 6 and 7 that are used by IBM OS Images for Red Hat Linux Systems and AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVEID: CVE-2015-0410 DESCRIPTION...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM PureApplication System (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM PureApplication System. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but...
Dropbox SDK has a remotely exploitable vulnerability, emergency fix released - vulnerability warning - the black bar safety net
The Dropbox developers recently fixed a remotely exploitable vulnerability in the Android version of the Dropbox SDK. An attacker could exploit the vulnerability to connect an app to a Dropbox account without the user's consent. As long as the user installed...
[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360
Hi, This is the 8th part of the ManageOwnage series. For previous parts see 1. This time we have a file upload leading to remote code execution and a blind SQL injection in ManageEngine OpManager, Social IT Plus and IT360. ManageEngine have released an emergency fix, see details in the advisory...
ManageEngine OpManager / Social IT Plus / IT360 Multiple Vulnerabilities
ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities. This time we have a file upload leading to remote code execution and a blind SQL injection in ManageEngine OpManager, Social IT Plus and IT360. ManageEngine...