Astra Linux – Vulnerability in mtr

In certain privileged contexts, mtr improperly handles the execution of a program specified by the MTRPACKET environment variable. NOTE: On macOS, mtr may often be subject to sudo rules, as a result of Homebrew not installing setuid binaries...

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid bpfprogret0warn when JIT fails Syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Linked modules: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these...

Bizerba Communication Server 安全漏洞

Bizerba Communication Server is an interface software component from Bizerba, Germany. A security vulnerability exists in Bizerba Communication Server that originates from an unreferenced service path and could lead to the execution of a malicious program...

5 Best Threat Exposure Management Tools for 2025

A long list of vulnerabilities without context isn't a security strategy—it's just noise. Legacy vulnerability scanners are great at finding potential flaws, but they often fail to answer the most important question: "What should we fix right now?" This is why Threat Exposure Management TEM...

CVE-2025-62230

CVE-2025-62230 affects the X.Org X server family (Xwayland/Xkb handling). The issue is a use-after-free in the Xkb client resource removal path when a client disconnects, caused by improper cleanup of Xkb resources that frees the XkbInterest data but not the associated resource, potentially leadi...

CVE-2025-60320

CVE-2025-60320 affects memoQ 10.1.13.ef1b2b52aae and earlier. The issue is an unquoted service path in the memoQ Auto Update Service (memoQauhlp101) where the installed path contains spaces and lacks quotes, allowing local users to escalate to SYSTEM by placing a malicious executable at C:\Progra...

Siemens SIMATIC Devices Heap-based Buffer Overflow (CVE-2024-0684)

A flaw was found in the GNU coreutils split program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service. This plugin only works with Tenable.ot. Please visit...

CVE-2025-61161

DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path C:\ProgramData\Evope. This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a crafted DLL in that...

AntiDupl 后置链接漏洞

AntiDupl is a program by the individual developer Ihar Yermalayeu that searches for similar and defective images on disk. AntiDupl 2.3.12 and earlier versions suffer from a backlink vulnerability that stems from a link-following issue in the file AntiDupl.NET.WinForms.exe of the component Delete...

IBM DB2 High Performance Unload 缓冲区错误漏洞

IBM DB2 High Performance Unload is a database data export software from International Business Machines IBM. A buffer error vulnerability exists in IBM DB2 High Performance Unload that originates from an out-of-bounds write and could cause the program to crash. The following versions are affected...

IBM DB2 High Performance Unload 安全漏洞

IBM DB2 High Performance Unload is a database data export program from International Business Machines IBM. A security vulnerability exists in IBM DB2 High Performance Unload that stems from an error in the calculation of the data size and could cause the program to crash. The following versions...

CVE-2025-33132 Fixes to common vulnerabilities found in IBM Db2 High Performance Unload

IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to...

CVE-2025-33126 Fixes to common vulnerabilities found in IBM Db2 High Performance Unload

IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could...

EUVD-2022-54538

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup with takes a refcnt on the socket and that it was findin...

Rapid7 at Pwn2Own: Raising the Bar in Vuln Intel

As the 2025 edition of Pwn2Own Ireland draws to a close, we are taking a beat to reflect on Rapid7’s participation and achievements, both this year and last, in the world of competitive zero day exploit development. Pwn2Own is a zero day exploit competition run by the Zero Day Initiative ZDI and...

Prompt injection in Opera Neon: Rapid response through responsible disclosure

Security Prompt injection in Opera Neon: Rapid response through responsible disclosure Share October 23rd, 2025 Hi Opera users, This week, we were able to address a real-world security scenario on Opera Neon thanks to the work of a security researcher team. The researchers reached out to us throu...

Top security researcher shares their bug bounty process

As we wrap Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to spotlight another top performing security researcher who participates in the GitHub Security Bug Bounty Program, Andr e Storfjord Kristiansen! GitHub is dedicated to maintaining the security and reliability of the...

EUVD-2023-60031

In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix memleak of pmu attrgroups in unregisternvdimmpmu Memory pointed by 'ndpmu-pmu.attrgroups' is allocated in function 'registernvdimmpmu' and is lost after 'kfreendpmu' call in function 'unregisternvdimmpmu'...

bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

...