libxml: Heap use after free (UAF) leads to Denial of service (DoS)

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

gimp:2.8 security update

An update is available for module.python2-pycairo, pygobject2, python2-pycairo, pygtk2, gimp, module.pygobject2, module.gimp, module.pygtk2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2025-4056

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines...

CVE-2025-22165

This Medium severity ACE Arbitrary Code Execution vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE Arbitrary Code Execution vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to...

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 14, 2025 to July 20, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

PT-2025-34401

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0-rc6-syzkaller-00002-g155a3c003e55 Description: The Linux kernel contained a flaw in the netfilter bpf Berkeley Packet Filter functionality. Specifically, the nf hook run bpf function did not disable...

Congratulations to the MSRC 2025 Most Valuable Security Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s Most Valuabl...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 30, 2025 to July 6, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

CVE-2025-38280

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid bpfprogret0warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32...

AZL-64907 CVE-2025-38280 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid bpfprogret0warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32...

UBUNTU-CVE-2025-38280

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid bpfprogret0warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32...

CVE-2025-38280 bpf: Avoid __bpf_prog_ret0_warn when jit fails

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid bpfprogret0warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32...

Revolutionizing Responsible Disclosure: Introducing the Wordfence Vulnerability Management Portal for WordPress Vendors

The Wordfence team is excited to announce the official launch of the Wordfence Vulnerability Management Portal, the latest addition to the Wordfence Intelligence suite. This new interface is designed to improve and simplify the vulnerability disclosure process between the Wordfence team and...

Security update for systemd

This update for systemd fixes the following issues: CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump bsc1243935. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods li...

Congratulations to the top MSRC 2025 Q2 security researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q2 Security Researcher Leaderboard are wkai, Brad...

HDF5 Resource Management Error Vulnerability

HDF5 is a library of HDF open source . A security vulnerability exists in HDF5 version 1.14.6, which stems from a confusion about the instruction in the function H5FLreggclist in the file src/H5FL.c that is responsible for freeing memory. An attacker can exploit this vulnerability to potentially...

welpwn

Introduction Pwnning is an art. welpwn is designed to make pwnning an art, freeing you from dozens of meaningless jobs. Features - Automatically get those magic values for you. - libc address - heap address - stack address - program address with PIE - canary - Support multi glibc debugging. - 2.1...

SUSE CVE-2025-52496

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery...

ALPINE-CVE-2025-52496

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery...

DEBIAN-CVE-2025-52496

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery...