PT-2026-46346

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

PT-2026-46326

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

CVE-2026-8973

Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

CVE-2026-8953 Sandbox escape due to use-after-free in the Disability Access APIs component

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8946

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-27211

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

PT-2026-21357

Name of the Vulnerable Software and Affected Versions Cloud Hypervisor versions 34.0 through 50.0 Description Cloud Hypervisor, a Virtual Machine Monitor for Cloud workloads, has an issue where a malicious guest can potentially access sensitive host files. This occurs when using virtio-block...

PT-2026-1959

Name of the Vulnerable Software and Affected Versions Asseco InfoMedica versions prior to 4.50.1 Asseco InfoMedica versions prior to 5.38.0 Description Asseco InfoMedica stores user passwords in an encoded format within a database. An attacker with access to these encoded passwords can decode the...

Mozilla Firefox < 51.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-01 advisory. - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired...

MAL-2025-165035 Malicious code in rival-poke51 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08ef17468e670783fdd21a1cc3063467cd0fa89df38656a40b026e1d5d5276f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bitha-51 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 146504a69ebd3f3dc97a4976f2268db27b464079718103ab3a3f9dba2471f7dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

ClipBucket SQL注入漏洞

ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A SQL injection vulnerability exists in ClipBucket v5 versions 5.5.2 through 151 and earlier, which originates from a certified administrator with plugin management...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.51 CNF IBU extras update

An update for ibu components is available for Red Hat OpenShift Container Platform 4.16. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra ibu container...

StarNet FastX 安全漏洞

StarNet FastX is a remote desktop software from StarNet USA. A security vulnerability exists in StarNet FastX 4.1.51 and prior versions that stems from a path traversal flaw that could allow an unauthenticated attacker to read arbitrary files...

AI Forensics Help Europol Track 51 Children in Global Online Abuse Case

Europol and 18 countries used AI forensics to identify 51 child victims and 60 suspects in a global online abuse investigation...

Adversarial Bug Reports As a Security Risk in Language Model-Based Automated Program Repair

Large Language Model LLM - based Automated Program Repair APR systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance on untrusted user input introduces a novel and underexplored...

Linux Distros Unpatched Vulnerability : CVE-2025-29785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to...

CVE-2025-50063

Vulnerability in Oracle Java SE component: Install. The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks...