RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_134_1, kpatch-patch-5_14_0-284_148_1, and kpatch-patch-5_14_0-284_158_1 (RHSA-2026:19573)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19573 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...
EUVD-2026-20546
An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...
Gaming Clans Become Growth Engine for Playnance Ecosystem
Playnance partners with KGeN, connecting its Web3 gaming ecosystem to 53M gamers and 30K clans through community-driven platforms...
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting...
EUVD-2025-204785
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gettemplatecontent' function in all versions up to, and including, 4.11.53. This makes it possible for...
CVE-2025-68430
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...
SUSE-SU-2025:4416-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.50.3. Security issues fixed: - CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow bsc1254208....
WordPress Premium Addons for Elementor plugin <= 4.11.53 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Mdr in WordPress Plugin Premium Addons for Elementor versions <= 4.11.53...
EUVD-2017-14554
Malware in sbrugna...
CVE-2025-61691
VT STUDIO versions 8.53 and prior contain an out-of-bounds read vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product...
CVE-2025-61692
VT STUDIO versions 8.53 and prior contain a use after free vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product...
KEYENCE VT STUDIO Resource Management Error Vulnerability
KEYENCE VT STUDIO is a human-machine interface screen design and configuration software from KEYENCE Japan. A resource management error vulnerability exists in KEYENCE VT STUDIO version 8.53 and earlier, which originates from a use after free and could lead to the execution of arbitrary code...
Low: Red Hat Security Advisory: openldap security update
An update for openldap is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2025-0537
The CVE-2025-0537 entry concerns Code-Projects’ Car Rental Management System 1.0. The vulnerability is triggered by manipulating the pgdetails parameter in /admin/manage-pages.php, causing a cross-site scripting (XSS) flaw. This is described as remotely initiable; the exploit has been disclosed p...
PT-2024-11525 · Ysoft · Y Soft Safeq
Name of the Vulnerable Software and Affected Versions: Y Soft SAFEQ version 6 Build 53 Description: Multiple Stored Cross-Site Scripting issues were discovered in the YSoft SafeQ web application. The lack of output sanitization in multiple fields allows for the injection of malicious inputs,...
SUSE CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature)...
PT-2024-12053 · Unknown · Gruen Evewa3 Community
Name of the Vulnerable Software and Affected Versions: GRUEN eVEWA3 Community versions 31 through 53 Description: A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php allows attackers to obtain escalated privileges via a crafted request to the "login panel". Recommendations: For versions 31...
LockBit Ransomware Extorts $91 Million from U.S. Companies
The threat actors behind the LockBit ransomware-as-a-service (RaaS) scheme have extorted $91 million following hundreds of attacks against numerous U.S. organizations since 2020. That's according to a joint bulletin published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the...
CVE-2023-26457 Cross-Site Scripting (XSS) vulnerability in SAP Content Server
SAP Content Server, version 7.53, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data...
SUSE CVE-2017-5436
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox...