29007 matches found
Important: mtr
Issue Overview: mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. CVE-2025-49809 Affected Packages: mtr Issue Correction: Run dnf update mtr --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1102...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 28, 2025 to August 3, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards for all in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
bpf: Avoid __bpf_prog_ret0_warn when jit fails
...
Linux Distros Unpatched Vulnerability : CVE-2024-41047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: i40e: Fix XDP program unloading while removing the driver The commit 6533e558c650 i40e: Fix...
CVE-2012-10032
Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification o...
Microsoft Bounty Program year in review: $17 million in rewards
We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center (MSRC), these security...
Linux Distros Unpatched Vulnerability : CVE-2022-50069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() The bpf_sys_bpf() helper function allows...
Linux Distros Unpatched Vulnerability : CVE-2024-58099
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported...
CVE-2025-50422
Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c...
Linux Distros Unpatched Vulnerability : CVE-2022-49764
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Prevent bpf program recursion for raw tracepoint probes We got report from sysbot 1 about warnings that were caused by bpf program attached to...
AZL-66057 CVE-2025-54350 affecting package iperf3 for versions less than 3.17.1-3
In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...
OESA-2025-1920 libtiff security update
This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. And contains command-line programs for manipulating TIFF format image files using the libtiff...
.NET Bounty Program now offers up to $40,000 in awards
We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impactin...
100,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Engine WordPress Plugin
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
libxml: Heap use after free (UAF) leads to Denial of service (DoS)
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...
gimp:2.8 security update
An update is available for module.python2-pycairo, pygobject2, python2-pycairo, pygtk2, gimp, module.pygobject2, module.gimp, module.pygtk2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2025-4056
A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines...
CVE-2025-22165
This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 14, 2025 to July 20, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
PT-2025-34401
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0-rc6-syzkaller-00002-g155a3c003e55 Description: The Linux kernel contained a flaw in the netfilter bpf (Berkeley Packet Filter) functionality. Specifically, the nf_hook_run_bpf function did not disable...