
4989 matches found

RedHat Linux
added 2025/08/18 12:42 a.m. · 5 views

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 8.6 · AI score 6.8 · EPSS 0.00073
Exploits: 1 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-11828

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. B...

CVSS 7.5 · AI score 5.5 · EPSS 0.00143
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-7554

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all version...

CVSS 6.5 · AI score 5.5 · EPSS 0.00046
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-1100

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9....

CVSS 4.3 · AI score 5.6 · EPSS 0.00166
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-29495

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled ...

CVSS 7.5 · AI score 7.1 · EPSS 0.00107
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-5392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by...

CVSS 7.5 · AI score 7.1 · EPSS 0.0025
Exploits: 0 · References: 3

Tenable Nessus
added 2025/08/17 12:0 a.m. · 2 views

RHEL 8 : go-toolset:rhel8 (RHSA-2025:13940)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13940 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: Go VCS Command...

CVSS 8.6 · AI score 7.4 · EPSS 0.00022
Exploits: 0 · References: 4

Tenable Nessus
added 2025/08/17 12:0 a.m. · 3 views

RHEL 10 : golang (RHSA-2025:13941)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13941 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674) For...

CVSS 8.6 · AI score 7.4 · EPSS 0.00022
Exploits: 0 · References: 4

RedhatCVE
added 2025/08/16 9:26 a.m. · 6 views

CVE-2025-5998

The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows site content to be put behind password authorization; however, users with subscriber or greater roles can view content via the REST API...

CVSS 6.5 · AI score 7.1 · EPSS 0.00075
Exploits: 1 · References: 1

CNNVD
added 2025/08/16 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unchecked dma_alloc_coherent return value that could lead to DMA API abuse...

CVSS 5.5 · AI score 7.9 · EPSS 0.00026
Exploits: 0 · References: 6

RedhatCVE
added 2025/08/15 5:30 p.m. · 2 views

CVE-2024-10219

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...

CVSS 6.5 · AI score 6.7 · EPSS 0.00026
Exploits: 0 · References: 1

Akamai Blog
added 2025/08/15 12:0 p.m. · 4 views

Akamai Named an Overall Leader for API Security by KuppingerCole

...

AI score 7.3
Exploits: 0

GithubExploit
added 2025/08/15 6:35 a.m. · 151 views

Exploit for Injection in Cisco Secure_Firewall_Management_Center

cve2025-20265 Safe Python script to detect Cisco FMC instances...

CVSS 10 · AI score 6.7 · EPSS 0.00222
Exploits: 1

Packet Storm News
added 2025/08/15 12:0 a.m. · 3 views

CryptoScope: Utilizing Large Language Models for Automated Cryptographic Logic Vulnerability Detection

Cryptographic algorithms are fundamental to modern security, yet their implementations frequently harbor subtle logic flaws that are hard to detect. We introduce CryptoScope, a novel framework for automated cryptographic vulnerability detection powered by Large Language Models (LLMs). CryptoScope...

AI score 6.8
Exploits: 0

Positive Technologies
added 2025/08/15 12:0 a.m. · 3 views

PT-2025-33430 · WordPress · B Slider- Gutenberg Slider Block

Name of the Vulnerable Software and Affected Versions: B Slider- Gutenberg Slider Block for WP plugin for WordPress versions prior to 2.0.0 Description: The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery via the fs api request function...

CVSS 4.3 · AI score 7 · EPSS 0.00056
Exploits: 0 · References: 6

RedhatCVE
added 2025/08/14 9:13 p.m. · 5 views

CVE-2025-55165

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...

CVSS 8.2 · AI score 7 · EPSS 0.0002
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/14 4:54 p.m. · 3 views

CVE-2025-55011

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the taskid parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file...

CVSS 6.4 · AI score 7.2 · EPSS 0.00117
Exploits: 1 · References: 1

Wallarm Lab
added 2025/08/14 11:0 a.m. · 5 views

IBM 2025 Cost of a Data Breach Report: Lessons for API and AI Security

IBM’s 2025 Cost of a Data Breach Report offers one of the clearest and most comprehensive views yet of how AI adoption is shaping the security landscape. While breach numbers are relatively low – only 13% of organizations reported breaches involving AI models or applications – the report reveals ...

AI score 7.4
Exploits: 0

RedhatCVE
added 2025/08/14 2:24 a.m. · 4 views

CVE-2025-42951

Due to broken authorization, SAP Business One SLD allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it has a high impact on the confidentiality, integrity, and availability of the application...

CVSS 8.8 · AI score 7.2 · EPSS 0.0009
Exploits: 0 · References: 1

Packet Storm News
added 2025/08/14 12:0 a.m. · 4 views

Routing and Wavelength Assignment with Minimal Attack Radius for QKD Networks

Quantum Key Distribution (QKD) can distribute keys with guaranteed security but remains susceptible to key exchange interruption due to physical-layer threats, such as high-power jamming attacks. To address this challenge, we first introduce a novel metric, namely Maximum Number of Affected Request...

AI score 6.9
Exploits: 0