kernel: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() Using the device-managed version allows simplifying clean-up in probe error path. Additionally, this device-managed ensures proper cleanup, which helps to resolve memory...
SUSE CVE-2025-37842
In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver uses devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kern...
Arista Networks CloudVision Portal Security Vulnerability
Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring management. A security...
RLSA-2025:2667 Important: .NET 9.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.104 and .NET Runtime 9.0.3. Securi...
Powering the Future of Cyber Risk Management: Welcoming Our First mROC Alliance Members
Organizations today face a growing challenge: fragmented security tools, a flood of risk findings, and limited visibility across environments. But perhaps the biggest challenge of them all is the disconnect between cybersecurity efforts and the business value at risk. Without the ability to...
Reinforcing resilience with financial assurance: Breach protection matters now more than ever
Introducing Rapid7’s value-added Breach Protection Warranty that delivers confidence, clarity, and coverage when it matters most. Life’s old adage often applies in security: Hope for the best, prepare for the worst. In today’s threat landscape, even the best-prepared organizations can’t guarantee...
Deepening the MDR partnership: Rapid7 now delivers Active Remediation with Velociraptor
Rapid7 is expanding its response capabilities to meet the demands and relentless pace of today’s threat landscape – and the operational needs of our customers. Partnership means many things to us here at Rapid7. It means showing up with trusted expertise, providing clear guidance in moments of...
CVE-2025-46274
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database...
Security Bulletin: Multiple Vulnerabilities in IBM webMethods Managed File Transfer
Summary: Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Managed File Transfer 11.1. Vulnerability Details: CVEID: CVE-2023-2953 DESCRIPTION: A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x function...
CVE-2025-46274 Planet Technology Network Products Use of Hard-coded Credentials
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database...
DEBIAN-CVE-2025-22099
In the Linux kernel, the following vulnerability has been resolved: drm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init devm_kasprintf calls can return null pointers on failure. But some return values were not checked in zynqmp_audio_init. Add NULL check in zynqmp_audio_init, avoid referencing...
DEBIAN-CVE-2025-21976
In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Allow graceful removal of framebuffer When a Hyper-V framebuffer device is unbound, hyperv_fb driver tries to release the framebuffer forcefully. If this framebuffer is in use it produces the following WARN and henc...
AZL-62824 CVE-2025-21976 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Allow graceful removal of framebuffer When a Hyper-V framebuffer device is unbound, hyperv_fb driver tries to release the framebuffer forcefully. If this framebuffer is in use it produces the following WARN and henc...
Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard
Transparency is core to Managed Detection & Response (MDR). It’s necessary between Rapid7 and our customers as we conduct security operations on their behalf. And it’s necessary for our customers to communicate transparently and effectively with their stakeholders. Scroll on – because there’s a new...
Kentico Xperience Authentication Bypass Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an authentication bypass vulnerability that an attacker can exploit to take control of managed objects...
Kentico Xperience Authentication Bypass Vulnerability (CNVD-2026-05134)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an authentication bypass vulnerability that an attacker can exploit to take control of managed objects...
Kentico Xperience Security Vulnerability
Kentico Xperience is a digital experience platform from Kentico, Inc. A security vulnerability exists in Kentico Xperience version 13.0.172 and earlier, which stems from an authentication bypass that could lead to the control of managed objects...
Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain...
.NET 6.0 bug fix and enhancement update
An update is available for dotnet6.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET Core is a managed-software framework. It implements a subset of the .N...
CVE-2021-22126
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded...