28884 matches found
CVE-2025-66476
An uncontrolled search-path vulnerability in Vim for Microsoft Windows allows an attacker who can place a trojanized executable in a directory opened by the user to cause Vim to run that executable when Vim invokes external commands, for example :grep, :!, filters (!), :make, or system() in Vimscript...
SUSE CVE-2025-65407
A use-after-free in the MPEG1or2Demux::newElementaryStream function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream...
RHSA-2025:22445 Red Hat Security Advisory: gimp security update
Bulletin has no description...
gimp:2.8 security update
An update is available for pygtk2, module.gimp, module.python2-pycairo, gimp, module.pygobject2, pygobject2, python2-pycairo, module.pygtk2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
EUVD-2025-200094
A use-after-free in the MPEG1or2Demux::newElementaryStream function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream...
CVE-2025-65407
A use-after-free in the MPEG1or2Demux::newElementaryStream function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream...
UBUNTU-CVE-2025-65407
A use-after-free in the MPEG1or2Demux::newElementaryStream function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream...
CVE-2025-11772 Co-Installer Privilege Escalation
A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation...
PT-2025-48539
Name of the Vulnerable Software and Affected Versions: Live555 Streaming Media version 2018.09.02. Description: A use-after-free issue exists in the MPEG1or2Demux::newElementaryStream function. This allows attackers to cause a Denial of Service (DoS) by providing a crafted MPEG Program stream...
PT-2025-48540
A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation...
Important: Red Hat Security Advisory: gimp security update
An update for gimp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Wordfence Bug Bounty Program Monthly Report - October 2025
Last month in October 2025, the Wordfence Bug Bounty Program received 486 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfenc...
JLSEC-2025-228 Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occu...
Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery...
Inclusion of Web Functionality from an Untrusted Source
Overview: github.com/mindersec/minder/internal/datasources/rest is an implementation of a REST data source. Affected versions of this package are vulnerable to Inclusion of Web Functionality from an Untrusted Source via the http.send function in Rego programs. A user can access internal network...
curl: Out-of-bounds read in HTTP method handling causes undefined behavior and potential crash This is sharp, Gaurav. We've got a real memory-safety bug ins
Summary - Component: libcurl core HTTP handling (HTTP/2 request translation and CONNECT detection) - Type: out-of-bounds read resulting from missing null-termination - Impact: Behavior not defined by the specification, the program can crash (DoS) and CONNECT requests can be...
Google Golang security vulnerability
Google Golang is a statically, strongly typed, compiled language from Google. Go's syntax is close to that of C, but differs with respect to variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages that...
Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year
Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol. The idea is to make it easier to delve into WhatsApp-specific...