PT-2025-32540 · Gimp · Gimp

Name of the Vulnerable Software and Affected Versions: GIMP versions prior to 3.1.4.2 Description: The MacOS version of GIMP includes a Python interpreter that inherits Transparency, Consent, and Control TCC permissions granted to the main application. An attacker with local access can use this...

Linux Distros Unpatched Vulnerability : CVE-2024-43837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolveprogtype for BPFPROGTYPEEXT When loading a EXT...

Linux Distros Unpatched Vulnerability : CVE-2022-50219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in computeeffectiveprogs Syzbot found a Use After Free bu...

Linux Distros Unpatched Vulnerability : CVE-2025-37963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means on...

Linux Distros Unpatched Vulnerability : CVE-2021-47099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b veth: allow enabling...

CVE-2025-47807

A flaw was found in gstreamer1-plugins-base. The subparse plugin's subripunescapeformatting function contains a NULL pointer dereference when parsing a subtitle file, which can lead to a program crash. This vulnerability allows a local attacker to provide a specially crafted subtitle file, causin...

Important: mtr

Issue Overview: mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. CVE-2025-49809 Affected Packages: mtr Issue Correction: Run dnf update mtr --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1102...

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 28, 2025 to August 3, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

bpf: Avoid __bpf_prog_ret0_warn when jit fails

...

Linux Distros Unpatched Vulnerability : CVE-2024-41047

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: i40e: Fix XDP program unloading while removing the driver The commit 6533e558c650 i40e: Fix...

CVE-2012-10032

Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting XCS via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification o...

Microsoft Bounty Program year in review: $17 million in rewards

We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center MSRC, these security...

Linux Distros Unpatched Vulnerability : CVE-2022-50069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpfsysbpf The bpfsysbpf helper function allows...

Linux Distros Unpatched Vulnerability : CVE-2024-58099

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3xdpxmitframe Andrew and Nikolay reported...

CVE-2025-50422

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled-face == NULL" assertion failure for cairoftunscaledfontfini in cairo-ft-font.c...

Linux Distros Unpatched Vulnerability : CVE-2022-49764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Prevent bpf program recursion for raw tracepoint probes We got report from sysbot 1 about warnings that were caused by bpf program attached to...

AZL-66057 CVE-2025-54350 affecting package iperf3 for versions less than 3.17.1-3

In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

OESA-2025-1920 libtiff security update

This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...

.NET Bounty Program now offers up to $40,000 in awards

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impactin...

100,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Engine WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...