CVE-2020-25900

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: When masking the value of MSRIA32PEBSENABLE for guests with specific vCPU values, it’s necessary to mask this value with the desired PEBSENABLE value of the vCPU. Simply consulting the host kernel’s host vs...

UBUNTU-CVE-2026-23210

In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi-rxrings. The sequence was: 1. iceptpprepareforreset cancels PTP work 2...

Apple’s new iOS setting addresses a hidden layer of location tracking

Most iPhone owners have hopefully learned to manage app permissions by now, including allowing location access. But there's another layer of location tracking that operates outside these controls. Your cellular carrier has been collecting your location data all along, and until now, there was...

CVE-2025-68375

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fix NULL event access and potential PEBS record loss When intelpmudrainpebsicl is called to drain PEBS records, the perfeventoverflow could be called to process the last PEBS record. While perfeventoverflow could trigge...

EUVD-2025-201207

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on requestirq failure The mlx5irqalloc function can inadvertently free the entire rmap and end up in a crash1 when the other threads tries to access this, when requestirq fails due to exhauste...

PT-2025-49080

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The mlx5 irq alloc function in the Linux kernel could inadvertently free the entire rmap, leading to a crash when request irq fails due to exhausted IRQ vectors. This issue occurs when...

CVE-2025-11869

The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...

Malicious code in precise-lime-cougar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b505d68365aa0468e5dd6d13ddd91a058cea2f92664b66344bab4d240ccb57ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-117164

Malicious code in precise-lime-cougar npm...

EUVD-2025-103005

Malicious code in precisesalmonz3n npm...

Malicious code in precise_felidae_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ceae00b5fc60c298c3ffbad4e64505829b3dbd35a9ac38f0adbd955f99cce2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-95766

Malicious code in precisemothz3n npm...

EUVD-2025-95767

Malicious code in precisegiraffez3n npm...

EUVD-2025-89461

Malicious code in preciseturtlez3n npm...

EUVD-2025-75984

Malicious code in precisegazelle-silentdev npm...

EUVD-2025-80910

Malicious code in preciseloondumbs npm...

EUVD-2025-60941

The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...

EUVD-2025-67759

Malicious code in precisemulez3n npm...

CVE-2025-11869

The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...