6340 matches found

Fedora
added 2025/04/22 1:22 a.m., 20 views

[SECURITY] Fedora 41 Update: perl-5.40.2-515.fc41

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

8.4 CVSS, 8.5 AI score, 0.00473 EPSS
Exploits: 0

vulnersOsv
added 2025/04/21 3:31 p.m., 6 views

de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +107 more potentially affected by CVE-2024-42699 via org.opencms:opencms-core (>=8.0.1 <=9.5.3)

org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.2 and more Source cves: CVE-2024-42699 Source advisory: SNYK:JAVA-ORGOPENCMS-9802334...

6.5 CVSS, 5.8 AI score, 0.00288 EPSS
Exploits: 1

Rapid7 Blog
added 2025/04/18 2:58 p.m., 20 views

Metasploit Wrap-Up 04/18/2025

Smaller Fetch Payloads: This week, a significant enhancement was made to the already awesome fetch payload feature by our very own bwatters-r7. The improvement introduces a new option, PIPEFETCH, which optimizes the process by serving both the payload and the command to be executed simultaneously...

9.8 CVSS, 10 AI score, 0.99959 EPSS
Exploits: 38

Packet Storm News
added 2025/04/18 12:0 a.m., 0 views

Benchmarking Differentially Private Tabular Data Synthesis

Differentially private (DP) tabular data synthesis generates artificial data that preserves the statistical properties of private data while safeguarding individual privacy. The emergence of diverse algorithms in recent years has introduced challenges in practical applications, such as inconsistent...

6.9 AI score
Exploits: 0

Fedora
added 2025/04/17 7:3 p.m., 21 views

[SECURITY] Fedora 42 Update: perl-5.40.2-517.fc42

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

8.4 CVSS, 6.3 AI score, 0.00473 EPSS
Exploits: 0

Packet Storm News
added 2025/04/17 12:0 a.m., 5 views

Trusted Identities for AI Agents: Leveraging Telco-Hosted ESIM Infrastructure

The rise of autonomous AI agents in enterprise and industrial environments introduces a critical challenge: how to securely assign, verify, and manage their identities across distributed systems. Existing identity frameworks based on API keys, certificates, or application-layer credentials lack t...

7.1 AI score
Exploits: 0

IBM Security Bulletins
added 2025/04/16 3:43 p.m., 21 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules axios and xml-crypto (CVE-2025-27152, CVE-2025-29774, CVE-2025-29775 and CVE-2024-57965)

Summary: IBM App Connect Enterprise runtime, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to multiple vulnerabilities due to Node.js modules axios and xml-crypto. Vulnerability Details: CVEID: CVE-2025-27152...

9.8 CVSS, 6.9 AI score, 0.09378 EPSS
Exploits: 2, Affected Software: 1

Fedora
added 2025/04/15 7:22 p.m., 7 views

[SECURITY] Fedora 40 Update: dnf-4.23.0-1.fc40.1

Utility that allows users to manage packages on their systems. It supports RPMs, modules and comps groups & environments...

7.2 AI score
Exploits: 0

Slackware Linux
added 2025/04/14 8:53 p.m., 24 views

[slackware-security] perl

New perl packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/perl-5.34.3-i586-1slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Heap-buffer-overflow with tr// Also upgraded Pe...

8.6 CVSS, 7.1 AI score, 0.00473 EPSS
Exploits: 0

BDU FSTEC
added 2025/04/10 12:0 a.m., 6 views

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to a lack of mechanisms for verifying the source, allows attackers to access confidential data.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit is related to a lack of mechanisms for verifying the source of the data. Exploiting this vulnerability can allow an attacker to gain access to confidential data...

7.8 CVSS, 6.9 AI score, 0.00638 EPSS
Exploits: 0, References: 14, Affected Software: 4

BDU FSTEC
added 2025/04/10 12:0 a.m., 7 views

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to reading data beyond the allowed buffer limits, allows attackers to cause service failures.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to reading data beyond the acceptable buffer limits. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS, 6.9 AI score, 0.00712 EPSS
Exploits: 0, References: 9, Affected Software: 5

BDU FSTEC
added 2025/04/09 12:0 a.m., 3 views

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to improper code generation, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to improper code generation. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...

7.8 CVSS, 7.4 AI score, 0.00626 EPSS
Exploits: 0, References: 8, Affected Software: 4

CVE
added 2025/04/08 7:14 a.m., 63 views

CVE-2025-30013

CVE-2025-30013 affects SAP ERP BW Business Content. It is an OS Command Injection vulnerability in certain function modules that, when run with elevated privileges, mishandles user input and allows execution of arbitrary OS commands. The underlying risk impacts confidentiality, integrity, and ava...

6.7 CVSS, 7.8 AI score, 0.00754 EPSS
Exploits: 0, References: 2

Rapid7 Blog
added 2025/04/04 8:19 p.m., 30 views

Metasploit Wrap-Up 04/04/2025

New RCEs: Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution (RCE). Among these three, two leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular (CVE-2025-24813)...

9.8 CVSS, 9.2 AI score, 0.99945 EPSS
Exploits: 53

OSV
added 2025/04/04 3:15 a.m., 2 views

CVE-2025-3203

A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The...

5.3 CVSS, 5.8 AI score, 0.00499 EPSS
Exploits: 0, References: 5

OSV
added 2025/04/03 2:11 p.m., 7 views

BIT-JOOMLA-2021-23123 [20210101] - Core - com_modules exposes module names

An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules...

5.3 CVSS, 5.1 AI score, 0.01134 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/04/03 12:23 p.m., 53 views

CVE-2025-2945 pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafe...

9.9 CVSS, 8.4 AI score, 0.39067 EPSS
Exploits: 7, References: 1

RedHat Linux
added 2025/04/02 5:6 p.m., 4 views

httpd: HTTP Response Splitting in multiple modules

A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack...

6.3 CVSS, 5.7 AI score, 0.02874 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2025/04/02 1:40 p.m., 4 views

CVE-2025-31540

Missing Authorization vulnerability in acmemediakits ACME Divi Modules acme-divi-modules allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ACME Divi Modules: from n/a through = 1.3.5...

4.3 CVSS, 7.2 AI score, 0.00264 EPSS
Exploits: 0, References: 1

vulnersOsv
added 2025/04/01 9:30 a.m., 5 views

com.navercorp.pinpoint:pinpoint-batch (>=3.0.0 <=3.0.5), com.navercorp.pinpoint:pinpoint-collector-starter (>=3.0.0 <=3.0.5) +44 more potentially affected by CVE-2024-56325 via org.apache.pinot:pinot-common (>=1.0.0 <=1.2.0)

org.apache.pinot:pinot-common MAVEN version =1.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1, =3.0.1, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2024.4.0, =2025.1.1 and more Source cves: CVE-2024-56325 Source advisory: SNYK:JAVA-ORGAPACHEPINOT-9637839...

9.8 CVSS, 7.4 AI score, 0.7819 EPSS
Exploits: 0