Linux Distros Unpatched Vulnerability : CVE-2023-2013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...

Linux Distros Unpatched Vulnerability : CVE-2022-24349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can create a link with reflected XSS payload for actions' pages, and send it to other users. Malicious code has access to all the same...

Linux Distros Unpatched Vulnerability : CVE-2023-0450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible t...

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that's targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell. The activity has been codenamed ZipLine by Check Point Research. "Instead of sending unsolicited...

Linux Distros Unpatched Vulnerability : CVE-2019-6795

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual...

CVE-2025-55619

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...

Linux Distros Unpatched Vulnerability : CVE-2017-5592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incorrect implementation of XEP-0280: Message Carbons in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the...

CVE-2025-55619

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...

CVE-2025-55619

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...

CVE-2025-55619

Summary: CVE-2025-55619 affects the Reolink Android app (version 4.54.0.4.20250526). The root cause is a hardcoded encryption key and IV, which attackers can leverage to decrypt access tokens and web session tokens stored in the app via reverse engineering. This vulnerability has a high impact (C...

Think before you Click(Fix): Analyzing the ClickFix social engineering technique

Over the past year, Microsoft Threat Intelligence and Microsoft Defender Experts have observed the ClickFix social engineering technique growing in popularity, with campaigns targeting thousands of enterprise and end-user devices globally every day. Since early 2024, we’ve helped multiple custome...

Think before you Click(Fix): Analyzing the ClickFix social engineering technique

Over the past year, Microsoft Threat Intelligence and Microsoft Defender Experts have observed the ClickFix social engineering technique growing in popularity, with campaigns targeting thousands of enterprise and end-user devices globally every day. Since early 2024, we’ve helped multiple custome...

FUJIFILM Healthcare Americas Synapse Mobility

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

TencentOS Server 4: git (TSSA-2025:0618)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0618 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +324 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-parser-pdf-module (>=2.0.0 <=3.2.1)

org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988, CVE-2025-66516 Source advisory: SNYK:JAVA-ORGAPACHETIKA-12238980...

Linux Distros Unpatched Vulnerability : CVE-2024-3958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allow...

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign that brings together social engineering and the exploitation of a vulnerabilit...

CVE-2025-54464

This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials...

Linux Distros Unpatched Vulnerability : CVE-2019-9807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content...

MAL-2025-9325 Malicious code in @sequoia-engineering/eureka-utilities (npm)

The package @sequoia-engineering/eureka-utilities was found to contain malicious code...