10781 matches found
Under the engineering hood: Why Malwarebytes chose WordPress as its CMS
It might surprise some that a security company would choose WordPress as the backbone of its digital content operations. After all, WordPress is often associated with open-source plugins, community themes, and a wide range of deployment practices—some stronger than others. But that perception...
SUSE CVE-2025-2529
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
GHSA-2CJV-6WG9-F4F3 Strapi Password Hashing is Missing Maximum Password Length Validation
Summary Strapi's password hashing implementation using bcryptjs lacks maximum password length validation. Since bcryptjs truncates passwords exceeding 72 bytes, this creates potential vulnerabilities such as authentication bypass and performance degradation. POC Create an admin user with a passwo...
CVE-2025-2529
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
ROS-20251016-03
A vulnerability in the FirmwarePerformancePei.c component of the UEFI EDK2 open source development environment is related to the lack of division by zero check. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
EUVD-2022-55091
In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1 An uncorrected error. 2 That err...
CVE-2025-2529
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
CVE-2025-2529
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
Toward Cybersecurity-Expert Small Language Models
Large language models LLMs are transforming everyday applications, yet deployment in cybersecurity lags due to a lack of high-quality, domain-specific models and training datasets. To address this gap, we present CyberPal 2.0, a family of cybersecurity-expert small language models SLMs ranging fr...
Support for Windows Server 2016 will end in January 2027
Support for Windows Server 2016 will end in January 2027 We recommend upgrading to the latest version of Windows Server. Running the latest version of Windows Server allows you to use the latest features – including the latest security features – and delivers the best performance.To learn more...
SolarWinds Database Performance Analyzer (DPA) Installed (Linux)
Binary data solarwindsdpanixinstalled.nbin...
Post-Quantum Cryptography and Quantum-Safe Security: A Comprehensive Survey
Post-quantum cryptography PQC is moving from evaluation to deployment as NIST finalizes standards for ML-KEM, ML-DSA, and SLH-DSA. This survey maps the space from foundations to practice. We first develop a taxonomy across lattice-, code-, hash-, multivariate-, isogeny-, and MPC-in-the-Head...
CLSA-2025-1760106873 exiv2: Fix of CVE-2025-55304
CVE-2025-55304: add new method appendIccProfile to fix quadratic performance issue...
Malicious Package
Overview kpi-media-metrics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Fedora 41 : webkitgtk (2025-f2bfde9326)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f2bfde9326 advisory. Update to 2.50.0: Improved rendering performance by recording each layer once and replaying every dirty region in different worker threads. Enable...
Linux Distros Unpatched Vulnerability : CVE-2023-53583
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: perf: RISC-V: Remove PERFHESSTOPPED flag checking in riscvpmustart Since commit 096b52fd2bb4...
Linux Distros Unpatched Vulnerability : CVE-2025-39953
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cgroup: split cgroupdestroywq into 3 workqueues A hung task can occur during 1 LTP cgroup testing when repeatedly mounting/unmounting perfevent and netprio...
Linux Distros Unpatched Vulnerability : CVE-2022-50476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler, ntbnetdevrxhandler can be called in interrupt context via the DMA...
UBUNTU-CVE-2023-53664
In the Linux kernel, the following vulnerability has been resolved: OPP: Fix potential null ptr dereference in devpmoppgetrequiredpstate "opp" pointer is dereferenced before the ISERRORNULL check. Fix it by removing the dereference to cache opptable and dereference it directly where opptable is...
EUVD-2025-32747
In the Linux kernel, the following vulnerability has been resolved: OPP: Fix potential null ptr dereference in devpmoppgetrequiredpstate "opp" pointer is dereferenced before the ISERRORNULL check. Fix it by removing the dereference to cache opptable and dereference it directly where opptable is...