CVE-2025-49845

Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...

CVE-2023-47298

An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses...

DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes

The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel war that commenced on June 13, 2025. Stating that the ongoing conflict has created a "heightened threat environment" in the...

Q-AIM: a Unified Portable Workflow for Seamless Integration of Quantum Resources

Quantum computing QC holds the potential to solve classically intractable problems. Although there has been significant progress towards the availability of quantum hardware, a software infrastructure to integrate them is still missing. We present Q-AIM Quantum Access Infrastructure Management to...

SUSE CVE-2022-50134

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setupbasectxt setupbasectxt allocates a memory chunk for uctxt-groups with hfi1allocctxtrcvgroups. When inituserctxt fails, uctxt-groups is not released, which will lead to a memory leak. W...

Fake bank ads on Instagram scam victims out of money

Ads on Instagram—including deepfake videos—are impersonating trusted financial institutions like Bank of Montreal BMO and EQ Bank Equitable Bank in order to scam people, according to BleepingComputer. There are some variations in how the scammers approach this. Some use Artificial Intelligence AI...

CVE-2022-50134

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setupbasectxt setupbasectxt allocates a memory chunk for uctxt-groups with hfi1allocctxtrcvgroups. When inituserctxt fails, uctxt-groups is not released, which will lead to a memory leak. W...

DEBIAN-CVE-2022-50134

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setupbasectxt setupbasectxt allocates a memory chunk for uctxt-groups with hfi1allocctxtrcvgroups. When inituserctxt fails, uctxt-groups is not released, which will lead to a memory leak. W...

UBUNTU-CVE-2022-50134

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setupbasectxt setupbasectxt allocates a memory chunk for uctxt-groups with hfi1allocctxtrcvgroups. When inituserctxt fails, uctxt-groups is not released, which will lead to a memory leak. W...

CVE-2022-50134 RDMA/hfi1: fix potential memory leak in setup_base_ctxt()

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setupbasectxt setupbasectxt allocates a memory chunk for uctxt-groups with hfi1allocctxtrcvgroups. When inituserctxt fails, uctxt-groups is not released, which will lead to a memory leak. W...

CVE-2022-50134

CVE-2022-50134 affects the Linux kernel RDMA/hfi1 path. The issue is a memory leak in setup_base_ctxt(): when allocating a uctxt->groups chunk via hfi1_alloc_ctxt_rcv_groups(), failure of init_user_ctxt() can leave uctxt->groups unreleased, causing a leak. The referenced advisories specify ...

CVE-2022-50058 vdpa_sim_blk: set number of address spaces and virtqueue groups

In the Linux kernel, the following vulnerability has been resolved: vdpasimblk: set number of address spaces and virtqueue groups Commit bda324fd037a "vdpasim: control virtqueue support" added two new fields nas, ngroups to vdpasimdevattr, but we forgot to initialize them for vdpasimblk. When...

CVE-2022-50058

In the Linux kernel, the following vulnerability has been resolved: vdpasimblk: set number of address spaces and virtqueue groups Commit bda324fd037a "vdpasim: control virtqueue support" added two new fields nas, ngroups to vdpasimdevattr, but we forgot to initialize them for vdpasimblk. When...

protobuf-python has a potential Denial of Service issue

Summary Any project that uses Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. Reporter: Alexis Challande, Trail of Bits...

GHSA-8QVM-5X2C-J2W7 protobuf-python has a potential Denial of Service issue

Summary Any project that uses Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. Reporter: Alexis Challande, Trail of Bits...

AZL-64145 CVE-2025-4565 affecting package protobuf for versions less than 25.3-5

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...

CVE-2025-4565

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...

Astra Linux – Vulnerability in protobuf

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups/series of SGROUP tags can be corrupted due to exceeding the stack limit, i.e., StackOverflow. Parsing nested groups as unknown fields using the DiscardUnknownFieldsParser or the Java Protobuf...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxdcleanup helper The idxdcleanup helper cleans up perfmon, interrupts, internals and so on. Refactor remove call with the idxdcleanup helper to avoid code duplication. Note, this also...

Locally Differentially Private Frequency Estimation Via Joint Randomized Response

Local Differential Privacy LDP has been widely recognized as a powerful tool for providing a strong theoretical guarantee of data privacy to data contributors against an untrusted data collector. Under a typical LDP scheme, each data contributor independently randomly perturbs their data before...