Xen: domctl Lock Open to Abuse (XSA-492)

To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these operations may not be executed in parallel, so a system-wide lock is used. The way that lock is acquired is, however, not providi...

MINI-C7H6-2P2V-5H92

Bulletin has no description...

CVE-2026-4893 affecting package dnsmasq for versions less than 2.92-1

CVE-2026-4893 affecting package dnsmasq for versions less than 2.92-1. A patched version of the package is available...

Astra Linux – Vulnerability in Firefox

Mixed-content checks were unable to analyze opaque origins, resulting in some mixed content being loaded. This vulnerability affects Firefox versions earlier than 92...

CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

CVE-2025-13932

creationtimestamp| type| source ---|---|--- 2025-12-04 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-06 2025-12-04 22:30:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m76zjwd57t2s...

MAL-2025-165080 Malicious code in rival-poke92 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d394d63c9eee98f6c29f7c933adff89d5a921b18565bf2469029519851283bab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-42355

Malicious code in putri-rendang92-breki npm...

PT-2025-44440

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.119 Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 Liferay DXP versions 2024.Q1.1 through 2024.Q1.5 Liferay Portal versions 7.4 GA through update 92 Older unsupported versions Description The...

CVE-2025-41390

An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vulnerability...

PT-2025-42181

Name of the Vulnerable Software and Affected Versions FreePBX Endpoint Manager versions prior to 16.0.92 FreePBX Endpoint Manager versions prior to 17.0.6 Description The software includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery...

EUVD-2025-24044

Malicious code in bioql PyPI...

EUVD-2025-25725

Malicious code in bioql PyPI...

EUVD-2025-25724

Malicious code in bioql PyPI...

MAL-2025-47657 Malicious code in eslint-v92 (npm)

--- -= Per source details. Do not edit below this line.=-...

GHSA-X7P4-V8MJ-6FXX Liferay Portal Username Enumeration Vulnerability

Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exist in the...

Linux Distros Unpatched Vulnerability : CVE-2021-38491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox 92. CVE-2021-38491...

CVE-2025-49258

creationtimestamp| type| source ---|---|--- 2025-06-17 16:18:20+00:00| seen| Telegram/SCENl0bmebBo-isLeSjNn7zy-WAXbtsdyq9JC-AqVlk7Uo 2025-06-18 15:42:58+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18767...

ARTEC EMA Mail 安全漏洞

ARTEC EMA Mail is an enterprise-class encrypted mail system from ARTEC. A security vulnerability exists in ARTEC EMA Mail version 6.92 that stems from vulnerability to cross-site request forgery attacks...

PT-2023-30943 · Inure · Inure

Name of the Vulnerable Software and Affected Versions: inure versions prior to build92 Description: The issue concerns exposure of sensitive information to an unauthorized actor in the GitHub repository hamza417/inure. Recommendations: For versions prior to build92, update to build92 or later to...