
29007 matches found

OSV
added 2025/09/11 5:15 p.m. | 0 views

UBUNTU-CVE-2025-39744

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcu_read_unlock() deadloop due to IRQ work. During rcu_read_unlock_special(), if this happens during irq_exit(), we can lockup if an IPI is issued. This is because the IPI itself triggers the irq_exit() path causing a recursive lock up...

CVSS 7.1 | AI score 6.5 | EPSS 0.00149
Exploits 0 | References 24

Tenable Nessus
added 2025/09/10 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2014-2886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GKSu 2.0.2, when sudo-mode is not enabled, uses double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in...

CVSS 6.8 | AI score 6 | EPSS 0.02193
Exploits 1 | References 2

NVD
added 2025/09/09 5:15 p.m. | 5 views

CVE-2025-47695

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO blog-designer-pro. This issue affects Blog Designer PRO: from n/a through <= 3.4.7...

CVSS 7.5 | EPSS 0.00467
Exploits 0 | References 1

Vulnrichment
added 2025/09/09 4:25 p.m. | 5 views

CVE-2025-54709 WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala sala. This issue affects Sala: from n/a through <= 1.1.6...

CVSS 8.1 | AI score 5.3 | EPSS 0.00413
Exploits 0 | References 1

Malwarebytes
added 2025/09/08 4:15 p.m. | 4 views

This “insidious” police tech claims to predict crime (Lock and Code S06E18)

This week on the Lock and Code podcast… In the late 2010s, a group of sheriffs out of Pasco County, Florida, believed they could predict crime. The Sheriff’s Department there had piloted a program called “Intelligence-Led Policing” and the program would allegedly analyze disparate points of data ...

AI score 7
Exploits 0

Wordfence Blog
added 2025/09/08 3:38 p.m. | 14 views

600,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Fluent Forms WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 💉 Participate in the SQLsplorer Challenge! Now through September 22, 2025, all SQL Injection vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier AND...

CVSS 6.5 | AI score 8.1 | EPSS 0.0053
Exploits 0

Github Security Blog
added 2025/09/05 6:30 a.m. | 7 views

TkEasyGUI Affected by Uncontrolled Search Path Element Issue

Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program...

CVSS 8.5 | AI score 7.5 | EPSS 0.0015
Exploits 0 | References 4 | Affected Software 1

OSV
added 2025/09/05 6:30 a.m. | 3 views

GHSA-PH2W-CX28-VHRQ TkEasyGUI Affected by Uncontrolled Search Path Element Issue

Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program...

CVSS 8.5 | AI score 7.5 | EPSS 0.0015
Exploits 0 | References 4

OSV
added 2025/09/05 6:15 a.m. | 5 views

CVE-2025-55671

Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program...

CVSS 8.5 | AI score 7.5
Exploits 0 | References 2

Positive Technologies
added 2025/09/05 12:00 a.m. | 4 views

PT-2025-36112

Name of the Vulnerable Software and Affected Versions: TkEasyGUI versions prior to 1.0.22 Description: An uncontrolled search path element issue exists that may lead to arbitrary code execution with the privileges of the running program. Recommendations: Update TkEasyGUI to version 1.0.22 or late...

CVSS 8.5 | AI score 8.2 | EPSS 0.0015
Exploits 0 | References 10

Microsoft CVE
added 2025/09/04 3:52 a.m. | 6 views

drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe

...

CVSS 5.5 | AI score 7 | EPSS 0.00244
Exploits 0

Packet Storm News
added 2025/09/04 12:00 a.m. | 4 views

Adversarial Bug Reports As a Security Risk in Language Model-Based Automated Program Repair

Large Language Model (LLM)-based Automated Program Repair (APR) systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance on untrusted user input introduces a novel and underexplored...

AI score 7.1
Exploits 0

Redos
added 2025/09/04 12:00 a.m. | 1 views

ROS-20250904-02

The vulnerability of the corosync/pacemaker PCS program configuration utility is related to flaws in the procedure of authentication. Exploitation of the vulnerability could allow an attacker acting remotely to elevate their privileges...

CVSS 7.8 | AI score 7.6 | EPSS 0.00299
Exploits 0

Microsoft CVE
added 2025/09/03 11:16 p.m. | 2 views

bpf: Remove tst_run from lwt_seg6local_prog_ops.

...

CVSS 5.5 | AI score 7 | EPSS 0.00203
Exploits 0

Microsoft CVE
added 2025/09/03 9:46 p.m. | 3 views

drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe

...

CVSS 5.5 | AI score 7 | EPSS 0.00212
Exploits 0

Microsoft CVE
added 2025/09/03 9:38 p.m. | 7 views

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.

...

CVSS 7.5 | AI score 7 | EPSS 0.01287
Exploits 0

Schneier on Security
added 2025/09/02 11:08 a.m. | 8 views

1965 Cryptanalysis Training Workbook Released by the NSA

In the early 1960s, National Security Agency cryptanalyst and cryptanalysis instructor Lambros D. Callimahos coined the term "Stethoscope" to describe a diagnostic computer program used to unravel the internal structure of pre-computer ciphertexts. The term appears in the newly declassified...

AI score 7
Exploits 0

Tenable Nessus
added 2025/08/30 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-41688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific...

CVSS 7.5 | AI score 6.7 | EPSS 0.01277
Exploits 0 | References 2

Tenable Nessus
added 2025/08/30 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-41687

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending...

CVSS 7.5 | AI score 6.8 | EPSS 0.01277
Exploits 0 | References 2

Tenable Nessus
added 2025/08/30 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-41689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even...

CVSS 7.5 | AI score 6.7 | EPSS 0.01351
Exploits 0 | References 2