MAL-2025-45566 Malicious code in plastic-task-note (npm)

The package plastic-task-note was found to contain malicious code...

CVE-2025-21036

Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability...

CVE-2025-38705

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...

CVE-2025-41051

creationtimestamp| type| source ---|---|--- 2025-09-04 15:34:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lxzhukbpsk2e...

PT-2025-35870

Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The software contains an elevation of privilege issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2013-1834

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated...

CVE-2025-21036

Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability...

Important: udisks2 security update

The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixes: udisks: Out-of-bounds read in UDisks Daemon CVE-2025-8067 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

Ubuntu: Security Advisory (USN-7727-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-54543

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...

Linux Distros Unpatched Vulnerability : CVE-2019-9892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as...

Linux Distros Unpatched Vulnerability : CVE-2020-10956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. CVE-2020-10956 Note that Nessus relies on the presence of the...

Security Bulletin: Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly, which affects IBM watsonx.data

Summary Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. These can affect...

How attackers adapt to built-in macOS protection

If a system is popular with users, you can bet it's just as popular with cybercriminals. Although Windows still dominates, second place belongs to macOS. And this makes it a viable target for attackers. With various built-in protection mechanisms, macOS generally provides a pretty much end-to-end...

Exploit for CVE-2025-55763

CVE-2025-55763 Buffer Overflow in the URI parser of CivetWeb...

Linux Distros Unpatched Vulnerability : CVE-2023-41915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code...

Linux Distros Unpatched Vulnerability : CVE-2023-48183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of this with eval. CVE-2023-48183 Note that Nessu...

Linux Distros Unpatched Vulnerability : CVE-2023-45925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function xerrorhandler at tty/x11conn.c. NOTE: this is...

Linux Distros Unpatched Vulnerability : CVE-2022-28070

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A null pointer deference in coreanalfcn function in radare2 5.4.2 and 5.4.0. CVE-2022-28070 Note that Nessus relies on the presence of the package as reported b...

Linux Distros Unpatched Vulnerability : CVE-2021-30744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and...