PT-2025-26740

Name of the Vulnerable Software and Affected Versions Quest KACE Systems Management Appliance SMA versions 13.0.x prior to 13.0.385 Quest KACE Systems Management Appliance SMA versions 13.1.x prior to 13.1.81 Quest KACE Systems Management Appliance SMA versions 13.2.x prior to 13.2.183 Quest KACE...

Medium: udisks2

Issue Overview: LPE from allowactive to root in libblockdev via udisks CVE-2025-6019 Affected Packages: udisks2 Issue Correction: Run dnf update udisks2 --releasever 2023.7.20250623 to update your system. New Packages: aarch64: udisks2-lvm2-debuginfo-2.10.1-6.amzn2023.0.2.aarch64 ...

SEC-Bench: Automated Benchmarking of LLM Agents on Real-World Software Security Tasks

Rigorous security-focused evaluation of large language model LLM agents is imperative for establishing trust in their safe deployment throughout the software development lifecycle. However, existing benchmarks largely rely on synthetic challenges or simplified vulnerability datasets that fail to...

Mechanistic Interpretability in the Presence of Architectural Obfuscation

Architectural obfuscation - e.g., permuting hidden-state tensors, linearly transforming embedding tables, or remapping tokens - has recently gained traction as a lightweight substitute for heavyweight cryptography in privacy-preserving large-language-model LLM inference. While recent work has sho...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Asymmetric Resource Consumption (Amplification) due to body-parser package ( CVE-2024-45590 )

Summary Potential vulnerabilities in body-parser package CVE-2024-45590 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when ur...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect bsc122459...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: powerpc/code-patching: Fixed a KASAN vulnerability by not marking the text patching area as a VMALLOC. Erhard reported the following KASAN vulnerabilities while booting his PowerMac G4 with a KASAN-enabled kernel 6.13-rc6: -...

Security Bulletin: IBM Edge Data Collector is vulnerable to next-15.1.7.tgz CVE-2025-29927

Summary IBM Edge Data Collector is vulnerable to next-15.1.7.tgz CVE-2025-29927. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in...

CVE-2025-49587

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...

CVE-2025-49585

XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki requires edit right, and that same document is later edited by a user with script,...

CVE-2025-49587

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...

Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: CVE-2024-49855: nbd: fix race between timeout and normal completion bsc1232900. CVE-2025-21680: pktgen: Avoid out-of-bounds access in getimixentries bsc1236701. CVE-2024-58013:...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52927: netfilter: allow exp not to be removed in nfctfindexpectation bsc1239644. CVE-2024-28956: x86/ibt: Keep IBT disabled during...

CVE-2025-5895

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Flaw

Akamai's latest report reveals two Mirai botnets exploiting the critical CVE-2025-24016 flaw in Wazuh. Learn about these fast-spreading IoT threats and urgent patching advice...

CVE-2025-4601

The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiryupdateprofile function. This makes it possible for...

PT-2025-24634 · Undefined · Undefined

CISA has just added three new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog: Erlang OTP CVE-2024-39992 OpenSSH CVE-2024-39993 Roundcube Webmail CVE-2024-39994 These vulnerabilities are actively being exploited in the wild and must be patched by June 25, 2025, as per Binding...

Important: kernel-livepatch-6.12.22-27.96

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir CVE-2025-37785 Affected Packages: kernel-livepatch-6.12.22-27.96 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVE-2025-5895

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

NewStart CGSL MAIN 7.02 : python3.11 Multiple Vulnerabilities (NS-SA-2025-0074)

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by multiple vulnerabilities: - A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly,...