
3782 matches found

Tenable Nessus
added 2025/11/16 12:0 a.m., 4 views

Fedora 43 : bind9-next (2025-b68f7f541d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b68f7f541d advisory. Update to 9.21.14 rhbz2394406 Security Fixes: - DNSSEC validation fails if matching but invalid DNSKEY is found. CVE-2025-8677 - Address various...

8.6 CVSS, 6.7 AI score, 0.1096 EPSS
Exploits: 1, References: 4
Packet Storm News
added 2025/11/12 12:0 a.m., 4 views

Enhancing Password Security through a High-Accuracy Scoring Framework Using Random Forests

Password security plays a crucial role in cybersecurity, yet traditional password strength meters, which rely on static rules like character-type requirements, often fail. Such methods are easily bypassed by common password patterns (e.g., 'P@ssw0rd1!'), giving users a false sense of security. To...

7 AI score
Exploits: 0
Packet Storm News
added 2025/11/11 12:0 a.m., 7 views

Binary and Multiclass Cyberattack Classification on GeNIS Dataset

The integration of Artificial Intelligence (AI) in Network Intrusion Detection Systems (NIDS) is a promising approach to tackle the increasing sophistication of cyberattacks. However, since Machine Learning (ML) and Deep Learning (DL) models rely heavily on the quality of their training data, the lack of...

6.7 AI score
Exploits: 0
OSV
added 2025/11/10 3:52 p.m., 4 views

OPENSUSE-SU-2025:20035-1 Security update for micropython

This update for micropython fixes the following issues: Changes in micropython: - Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438 Version 1.26.0: Added machine.I2CTarget for creating I2C target devices on multiple ports. New MCU support: STM32N6xx 800 MHz, ML accel &...

5.3 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits: 0, References: 1
Oracle linux
added 2025/11/10 12:0 a.m., 29 views

Unbreakable Enterprise kernel security update

5.15.0-314.193.5.3 - Revert 'cpufreq: Introduce an optional cpuinfoavgfreq sysfs entry' Samasth Norway Ananda Orabug: 38633525 5.15.0-314.193.5.2 - i40e: add validation for ringlen param Lukasz Czapnik Orabug: 38607608 CVE-2025-39973 - i40e: increase max descriptors for XL710 Justin Bronder Orabu...

7.8 CVSS, 8.2 AI score, 0.0037 EPSS
Exploits: 2
Packet Storm News
added 2025/11/07 12:0 a.m., 4 views

A Secured Intent-Based Networking (SIBN) with Data-Driven Time-Aware Intrusion Detection

While Intent-Based Networking (IBN) promises operational efficiency through autonomous and abstraction-driven network management, a critical unaddressed issue lies in IBN's implicit trust in the integrity of intent ingested by the network. This inherent assumption of data reliability creates a blin...

6.8 AI score
Exploits: 0
RedhatCVE
added 2025/11/06 3:11 a.m., 11 views

CVE-2025-12582

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3 CVSS, 5.1 AI score, 0.00163 EPSS
Exploits: 0, References: 1
Fedora
added 2025/11/06 2:24 a.m., 5 views

[SECURITY] Fedora 42 Update: kddockwidgets-1.7.0-29.fc42

Qt dock widget library written by KDAB, suitable for replacing QDockWidget and implementing advanced functionalities missing in Qt...

7 AI score
Exploits: 0
Packet Storm News
added 2025/11/06 12:0 a.m., 4 views

Automated and Explainable Denial of Service Analysis for AI-Driven Intrusion Detection Systems

With the increasing frequency and sophistication of Distributed Denial of Service (DDoS) attacks, it has become critical to develop more efficient and interpretable detection methods. Traditional detection systems often struggle with scalability and transparency, hindering real-time response and...

6.9 AI score
Exploits: 0
Positive Technologies
added 2025/11/06 12:0 a.m., 5 views

PT-2025-45287

Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bux Woocommerce: from n/a through = 1.2.3...

6.5 CVSS, 7 AI score, 0.00257 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/11/05 11:24 a.m., 1 views

CVE-2025-12497 Premium Portfolio Features for Phlox theme <= 2.3.10 - Unauthenticated Local File Inclusion via args[extra_template_path]

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'args[extra_template_path]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the...

8.1 CVSS, 7 AI score, 0.00548 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/11/05 11:24 a.m., 7 views

CVE-2025-12497 Premium Portfolio Features for Phlox theme <= 2.3.10 - Unauthenticated Local File Inclusion via args[extra_template_path]

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'args[extra_template_path]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the...

8.1 CVSS, 0.00548 EPSS
Exploits: 0, References: 2
NVD
added 2025/11/05 3:15 a.m., 7 views

CVE-2025-12582

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3 CVSS, 0.00163 EPSS
Exploits: 0, References: 2
CVE
added 2025/11/05 2:25 a.m., 10 views

CVE-2025-12582

The CVE-2025-12582 vulnerability affects the WordPress Features plugin up to version 0.0.2, caused by a missing capability check on the features_revert_option AJAX endpoint. This allows authenticated users with Subscriber-level access (and above) to modify data by reverting options, exposing unau...

4.3 CVSS, 4.7 AI score, 0.00163 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/11/05 2:25 a.m., 2 views

CVE-2025-12582 Features <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3 CVSS, 4.7 AI score, 0.00163 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/11/05 2:25 a.m., 5 views

CVE-2025-12582 Features <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3 CVSS, 0.00163 EPSS
Exploits: 0, References: 2
Fedora
added 2025/11/05 2:13 a.m., 6 views

[SECURITY] Fedora 43 Update: uv-0.9.5-1.fc43

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

8.1 CVSS, 6.6 AI score, 0.00688 EPSS
Exploits: 1
Patchstack
added 2025/11/05 1:18 a.m., 4 views

WordPress Features plugin <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset vulnerability

Missing Authorization to Authenticated (Subscriber+) Option Reset vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Module Features versions <= 0.0.2...

4.3 CVSS, 7 AI score, 0.00163 EPSS
Exploits: 0, References: 1, Affected Software: 1
Packet Storm News
added 2025/11/05 12:0 a.m., 7 views

Smartphone User Fingerprinting on Wireless Traffic

Due to the openness of the wireless medium, smartphone users are susceptible to user privacy attacks, where user privacy information is inferred from encrypted Wi-Fi wireless traffic. Existing attacks are limited to recognizing mobile apps and their actions and cannot infer the smartphone user...

6.5 AI score
Exploits: 0
Patchstack
added 2025/11/05 12:0 a.m., 8 views

Drupal Features Module <= 0.0.2 is vulnerable to Broken Access Control

Software: Features; Type: Module; Vulnerable versions: <= 0.0.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-12582; Patch priority: Low; CVSS severity: Low (4.3); PSID: 2b7c0646055d; Credits: Nabil Irawan - Heroes Cyber Security...

4.3 CVSS, 5.9 AI score, 0.00163 EPSS
Exploits: 0, References: 2, Affected Software: 1