28888 matches found
MAL-2025-50147 Malicious code in citra-lodeh15-riris (npm)
Source: amazon-inspector bb41fd3ee5cc4b0067d1a1ad9204a524daf98d1cf34c7f9efd7f88d2b0fa6cbf. The package citra-lodeh15-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that floode...
[SECURITY] Fedora 43 Update: bpfman-0.5.4-3.fc43
bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs...
The 7 Best Continuous Threat Exposure Management Tools
If your security team is drowning in a sea of "critical" alerts from your vulnerability scanner, you know the feeling of being busy without being effective. You spend all your time triaging and patching, but you never feel like you're actually ahead of the attackers. This is the core problem that...
EUVD-2025-38115
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion. This issue affects LearnPress Export Import: from n/a through <= 4.0.9...
CVE-2025-48290
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion. This issue affects Kinsley: from n/a through <= 3.4.4...
Hybrid Fuzzing with LLM-Guided Input Mutation and Semantic Feedback
Software fuzzing has become a cornerstone in automated vulnerability discovery, yet existing mutation strategies often lack semantic awareness, leading to redundant test cases and slow exploration of deep program states. In this work, I present a hybrid fuzzing framework that integrates static an...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988805)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988805 advisory. In the Linux kernel, the following vulnerability has been resolved: "bpf: Track subprog poke descriptors correctly and fix use-after-free". Subprograms are calling...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989480)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989480 advisory. In the Linux kernel, the following vulnerability has been resolved: "ice: avoid bpf_prog refcount underflow". Ice driver has the routines for managing XDP resources that...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989490)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989490 advisory. In the Linux kernel, the following vulnerability has been resolved: "bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb". We got a syzkaller problem because of...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: "gve: guard XDP xmit NDO on existence of xdp queues". In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these...
Bizerba Communication Server security vulnerability
Bizerba Communication Server is an interface software component from Bizerba, Germany. A security vulnerability exists in Bizerba Communication Server that originates from an unreferenced service path and could lead to the execution of a malicious program...
5 Best Threat Exposure Management Tools for 2025
A long list of vulnerabilities without context isn't a security strategy—it's just noise. Legacy vulnerability scanners are great at finding potential flaws, but they often fail to answer the most important question: "What should we fix right now?" This is why Threat Exposure Management TEM...
CVE-2025-62230
CVE-2025-62230 affects the X.Org X server family (Xwayland/Xkb handling). The issue is a use-after-free in the Xkb client resource removal path when a client disconnects, caused by improper cleanup of Xkb resources that frees the XkbInterest data but not the associated resource, potentially leadi...
CVE-2025-60320
CVE-2025-60320 affects memoQ 10.1.13.ef1b2b52aae and earlier. The issue is an unquoted service path in the memoQ Auto Update Service (memoQauhlp101) where the installed path contains spaces and lacks quotes, allowing local users to escalate to SYSTEM by placing a malicious executable at C:\Progra...
Siemens SIMATIC Devices Heap-based Buffer Overflow (CVE-2024-0684)
A flaw was found in the GNU coreutils split program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split function, potentially leading to an application crash and denial of service. This plugin only works with Tenable.ot. Please visit...
CVE-2025-61161
DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path C:\ProgramData\Evope. This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a crafted DLL in that...
AntiDupl link-following vulnerability
AntiDupl is a program by the individual developer Ihar Yermalayeu that searches for similar and defective images on disk. AntiDupl 2.3.12 and earlier versions suffer from a backlink vulnerability that stems from a link-following issue in the file AntiDupl.NET.WinForms.exe of the component Delete...
IBM DB2 High Performance Unload buffer error vulnerability
IBM DB2 High Performance Unload is a database data export software from International Business Machines (IBM). A buffer error vulnerability exists in IBM DB2 High Performance Unload that originates from an out-of-bounds write and could cause the program to crash. The following versions are affected...
IBM DB2 High Performance Unload security vulnerability
IBM DB2 High Performance Unload is a database data export program from International Business Machines (IBM). A security vulnerability exists in IBM DB2 High Performance Unload that stems from an error in the calculation of the data size and could cause the program to crash. The following versions...
CVE-2025-33132 Fixes to common vulnerabilities found in IBM Db2 High Performance Unload
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to...