3366 matches found
URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+
There is a possibility for userinfo leakage in the uri gem. This vulnerability has been assigned the CVE identifier CVE-2025-27221. We recommend upgrading the uri gem. Details: The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. Whe...
Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries
Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of...
CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...
The Rise of QR Phishing: How Scammers Exploit QR Codes and How to Stay Safe
QR phishing is on the rise, tricking users into scanning malicious QR codes. Learn how cybercriminals exploit QR codes and how to protect yourself...
CVE-2025-1570
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directoristgeneratepasswordresetpincode and resetuserpassword functions...
CVE-2025-21807
In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs store methods. queue_attr_store() always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will als...
CVE-2025-21807 block: fix queue freeze vs limits lock order in sysfs store methods
In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs store methods. queue_attr_store() always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will als...
CVE-2025-21807
CVE-2025-21807 (Linux kernel) affects the block subsystem. queue_attr_store() previously froze the device queue before invoking the attribute store operation. For attributes controlling queue limits, the store could lock queue limits via queue_limits_start_update(), creating an ABBA deadlock if...
CVE-2025-21807
In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs store methods. queue_attr_store() always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will als...
CVE-2025-21807 block: fix queue freeze vs limits lock order in sysfs store methods
In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs store methods. queue_attr_store() always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will als...
CVE-2025-21792 ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt. If an AX25 device is bound to a socket by setting the SO_BINDTODEVICE socket option, a refcount leak will occur in ax25_release(). Commit 9fd75b66b8f6 "ax25: Fix refcou...
CVE-2025-21746
The CVE-2025-21746 issue affects the Linux kernel Input: synaptics path for enabling a pass-through port. Root cause: when enabling a pass-through port, an interrupt may arrive before the psmouse driver binds, and the synaptics sub-driver may access a psmouse instance not yet attached, potentiall...
Security update for chromium (moderate)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2025:0077-1 Rating: moderate References: 1237699 Affected Products: openSUSE Backports SLE-15-SP6 An update that contains security fixes can now be installed. Description: This update for chromium fixes the...
OS Fingerprints Detected
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it was possible to gather one or more fingerprints from the remote system. While the highest-confidence result was reported in plugin 11936, "OS Identification", the complete set of fingerprints detected are reported here...
Use of Uninitialized Resource
Overview passenger is a web server and application server for Ruby, Python and Node.js, optimized for performance, low memory usage and ease of use. Affected versions of this package are vulnerable to Use of Uninitialized Resource due to improper handling of HTTP requests with invalid methods. Th...
Malicious code in jquery.validate.additional-methods-br (npm)
Source: ghsa-malware 38146e8961491ebc882527395be69e281eeb62c0a44bba6abe87a8c037614c59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-24989
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update...
Hard drives containing sensitive medical data found in flea market
Somebody bought a batch of 15 GB hard drives from a flea market, and during a routine check of the contents they found medical data about hundreds of patients. After some more investigation in the Netherlands, it turned out the data came from a software provider in the medical industry which had...
CVE-2024-12651
Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...
CVE-2024-29735
Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix grou...