536 matches found
CVE-2022-49325
In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd. We had various bugs over the years with code breaking the assumption that tp->snd_cwnd is greater than zero. Lately, syzbot reported the WARN_ON_ONCE(!tp->prior_cwnd) added in commit 8b8a321ff72c...
Azure Linux 3.0 Security Update: golang (CVE-2024-9355)
The version of golang installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9355 advisory. - A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an...
CVE-2024-57955
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-06 13:16:54+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhj6b5xziy2n |
| 2025-02-06 16:03:59+00:00 | seen | https://t.me/cvedetector/17391 |
| 2025-02-06 16:43:52+00:00 | seen | ... |
CVE-2024-47061
Plate is a JavaScript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...
CVE-2024-28181
turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...
Important: containerd
Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-834)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-834 advisory. 2025-02-11: CVE-2024-45338 was added to this advisory. 2025-02-11: CVE-2024-51744 was added to this advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback...
CGA-VW4F-2V6Q-MGW7
Bulletin has no description...
CVE-2025-21563
...
CVE-2025-21538
...
CVE-2025-21530
CVE-2025-21530 affects Oracle PeopleSoft’s Enterprise PeopleTools, specifically the Panel Processor in PeopleSoft PeopleTools versions 8.60 and 8.61. The vulnerability allows a low-privilege, network-access attacker (HTTP) to read a subset of data in PeopleSoft Enterprise PeopleTools, with CVSS v...
CVE-2025-21515
...
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]
As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper...
Exploit for Cross-Site Request Forgery (CSRF) in Oretnom23 Packers_And_Movers_Management_System
CVE-2024-57523 - CSRF Vulnerability in Users.php - SourceCodes...
CVE-2024-43653
CVE-2024-43653 affects Iocharger AC model chargers running firmware before 24120701. The issue is an authenticated command-injection flaw in the action that lets an attacker execute OS commands as root, giving full control over the charging station (files/services). Impact is described as critic...
US Treasury Department Admits It Got Hacked by China
Treasury says hackers accessed “certain unclassified documents” in a “major” breach, but experts believe the attack’s impacts could prove to be more significant as new details emerge...
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and...
CVE-2024-45690
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-20 10:30:29+00:00 | seen | https://infosec.exchange/users/cve/statuses/113514815730069445 |
| 2024-11-20 12:54:04+00:00 | seen | https://t.me/cvedetector/11579 |

...
Best Practices for Cloud Compliance
Introduction: In today’s data-driven landscape, businesses are embracing cloud computing technology for its efficiency and scalability. A Cloud Security Alliance (CSA) report revealed that 98% of organizations worldwide use cloud services. Yet, more than 1/3rd of those organizations may not be using...
GHSA-CG23-QF8F-62RR
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-13 16:20:12+00:00 | seen | https://infosec.exchange/users/cve/statuses/113476554727172279 |

...