Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-150700533 fixes several issues. The following security issues were fixed: CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltree twice bsc1244235...

Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002330 fixes several issues. The following security issues were fixed: CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2025-38001: netsched: hfsc: Address...

Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-15070051 fixes several issues. The following security issues were fixed: CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2025-38001: netsched: hfsc: Address reentran...

Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002360 fixes several issues. The following security issue was fixed: CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU bsc1246030. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002338 fixes several issues. The following security issues were fixed: CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2025-38001: netsched: hfsc: Address...

Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2025-38001: netsched: hfsc: Address...

peda

This repository is an offensive tool for exploit development. It is a Python Exploit Development Assistance for GDB PED A, which is a script that helps speed up the exploit development process on Linux/Unix. The tool is designed to work with GDB 7.x and Python 2.6+. The tool has various features,...

Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005573 fixes several issues. The following security issues were fixed: CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF bsc1237930. CVE-2025-38001: netsched: hfsc: Address reentrant...

Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-15050055113 fixes several issues. The following security issues were fixed: CVE-2025-21701: net: avoid race between device unregistration and ethnl ops bsc1245805. CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU bsc1246030. Patch Instructions: T...

Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024164 fixes several issues. The following security issues were fixed: CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltree twice bsc1244235. CVE-2025-38000: schhfsc...

Built-in Runtime Security for Containers

Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...

Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-15070078 fixes several issues. The following security issue was fixed: CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU bsc1246030. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...

Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-15070073 fixes several issues. The following security issues were fixed: CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltree twice bsc1244235...

Important: kernel-livepatch-6.12.25-32.101

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration CVE-2025-38248 Affected Packages: kernel-livepatch-6.12.25-32.101 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

WordPress Juno Theme <= 2.19 is vulnerable to Local File Inclusion

Software Juno Type Theme Vulnerable versions = 2.19 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 1d4e77af675c Credits Bonds Required privilege Unauthenticated Published 8...

All You Need Is a Fuzzing Brain: an LLM-Powered System for Automated Vulnerability Detection and Patching

Our team, All You Need Is A Fuzzing Brain, was one of seven finalists in DARPA's Artificial Intelligence Cyber Challenge AIxCC, placing fourth in the final round. During the competition, we developed a Cyber Reasoning System CRS that autonomously discovered 28 security vulnerabilities - including...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Qemu

Experiments related to CVE-2015-3456 There is: - exploit/ is an "exploit" it just crashes QEMU. - mock/ contains a stripped down version of QEMU. Only the vulnerability remains. - patch/ contains a program to patch a running instance of QEMU. The main point is to not need debug symbols, nor the...

PT-2025-36395

Name of the Vulnerable Software and Affected Versions: AMD CPUs affected versions not specified Description: Improper cleanup during the loading of AMD CPU microcode patches may allow an attacker with local administrator privileges to load malicious CPU microcode. This could lead to a loss of...

Security update for python-Django (important)

openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2025:0335-1 Rating: important References: 1248810 Cross-References: CVE-2025-57833 CVSS scores: CVE-2025-57833 SUSE: 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...

Exploit for CVE-2025-55579

CVE-2025-55579 - SolidInvoice Stored Cross-Site Scripting XSS...