Lucene search

167 matches found

Positive Technologies
added 2026/01/01 12:0 a.m. | 1 views

PT-2026-7035

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.22.0. Description: FreeRDP, a Remote Desktop Protocol implementation, contains a flaw related to audio format handling. Specifically, the AUDIN format renegotiation process can lead to a use-after-free condition. This...

9.8 CVSS | 5.4 AI score | 0.06359 EPSS
Exploits 27 | References 201
RedhatCVE
added 2025/11/07 7:58 p.m. | 4 views

CVE-2025-58148

A flaw was found in Xen. Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer. A buggy or malicious guest can cause Denial of Service (DoS) affecting the entire host, information leaks, or elevation of privilege...

7.5 CVSS | 5.9 AI score | 0.00031 EPSS
Exploits 0 | References 2
OSV
added 2025/10/19 10:31 p.m. | 3 views

JLSEC-2025-160 A flaw was found in GLib

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service...

7.5 CVSS | 6.6 AI score | 0.00111 EPSS
Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2009-2367

Malware in sbrugna...

6.5 CVSS | 6.4 AI score | 0.00642 EPSS
Exploits 0 | References 6
CBLMariner
added 2025/09/05 3:8 p.m. | 4 views

CVE-2025-50096 affecting package mysql for versions less than 8.0.43-1

CVE-2025-50096 affecting package mysql for versions less than 8.0.43-1. An upgraded version of the package is available that resolves this issue...

4.4 CVSS | 7 AI score | 0.00098 EPSS
Exploits 0
Cvelist
added 2025/09/04 11:9 p.m. | 8 views

CVE-2025-55241 Azure Entra ID Elevation of Privilege Vulnerability

...

10 CVSS | 0.00654 EPSS
Exploits 0 | References 1
HackRead
added 2025/09/04 1:16 p.m. | 3 views

New Malware Uses Windows Character Map for Cryptomining

Darktrace reports new malware hijacking Windows Character Map for cryptomining, exposing risks of hidden attacks in everyday software…

7 AI score
Exploits 0
Tenable Nessus
added 2025/09/04 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2014-0085

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local...

2.1 CVSS | 5.4 AI score | 0.00085 EPSS
Exploits 0 | References 2
Chainguard
added 2025/09/03 8:6 p.m. | 5 views

CVE-2025-46394 vulnerabilities

Vulnerabilities for packages: busybox...

3.3 CVSS | 6.7 AI score | 0.00065 EPSS
Exploits 0
IBM Security Bulletins
added 2025/09/03 6:40 p.m. | 6 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details: Refer to th...

7.5 CVSS | 7.6 AI score | 0.01278 EPSS
Exploits 1 | Affected Software 1
Cisco
added 2025/09/03 4:0 p.m. | 6 views

Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Software Vulnerabilities

Multiple vulnerabilities in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 with Cisco Session Initiation Protocol (SIP) Software could allow an unauthenticated, remote attacker to conduct arbitrary file write and informatio...

5.3 CVSS | 6.9 AI score | 0.00049 EPSS
Exploits 0 | References 1
Malwarebytes
added 2025/09/03 2:28 p.m. | 4 views

Why you should upgrade to Windows 11 now, and how to do it

I know many of us loved Windows XP and Windows 7 almost as much as we dislike Windows 10 and 11, but if you want to stay secure on Windows, the time to bite the bullet is closing in fast. Support for Windows 10 will end on October 14, 2025, which means the only Windows version that will continue ...

6.8 AI score
Exploits 0
GithubExploit
added 2025/09/03 11:36 a.m. | 95 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 – Proof of Concept...

9.8 CVSS | 9.7 AI score | 0.9413 EPSS
Exploits 44
OpenVAS
added 2025/09/03 12:0 a.m. | 2 views

openSUSE Security Advisory (SUSE-SU-2025:03039-1)

The remote host is missing an update for the...

6.8 AI score
Exploits 0 | References 4
Tenable Nessus
added 2025/09/03 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-26619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in...

6.1 CVSS | 6.2 AI score | 0.00417 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2025/09/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-10184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of servic...

7.5 CVSS | 7.5 AI score | 0.00592 EPSS
Exploits 1 | References 2
OpenVAS
added 2025/09/03 12:0 a.m. | 4 views

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2025-1903)

The remote host is missing an update for the Huawei EulerOS...

7.8 CVSS | 6.7 AI score | 0.00053 EPSS
Exploits 0 | References 2
IBM Security Bulletins
added 2025/09/02 6:55 p.m. | 5 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Exposure of Sensitive System Information Vulnerability (CVE-2025-36162)

Summary: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) integration point may expose certain sensitive information to an authenticated user. Vulnerability Details: CVEID: CVE-2025-36162 DESCRIPTION: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1.x before 8.1.2.2 could allow an authenticated user to...

4.3 CVSS | 6 AI score | 0.00056 EPSS
Exploits 0 | Affected Software 1
Metasploit
added 2025/09/02 6:54 p.m. | 453 views

Bash Profile Persistence

This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. Verified on Ubuntu 22.04 and 18.04 desktop with Gnome Module Options msf use exploit/linux/persistence/bashprofile msf...

5.9 AI score
Exploits 0
IBM Security Bulletins
added 2025/09/02 12:15 p.m. | 10 views

Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 23 (4.2.0.23)

Summary: Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 23 (4.2.0.23). Vulnerability Details: CVEID: CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high...

7.8 CVSS | 8.4 AI score | 0.64507 EPSS
Exploits 9 | Affected Software 1