
2392 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-9399

Malicious code in bioql PyPI...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00016
Exploits: 0 | References: 8

Positive Technologies
added 2025/10/03 12:0 a.m. | 4 views

PT-2025-40533

Name of the Vulnerable Software and Affected Versions: OpenPLC Runtime version 3. Description: The software contains an input validation flaw in the /upload-program-action API endpoint. The epoch time parameter, when submitting program uploads, is not validated, potentially leading to corruption of...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.00178
Exploits: 0 | References: 6

Positive Technologies
added 2025/10/02 12:0 a.m. | 2 views

PT-2025-46626

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel has a problem where it does not support struct arguments in trampoline programs for the LoongArch architecture. This can lead to a kernel oops when running BPF selftests...

CVSS: 4.6 | AI score: 7.7 | EPSS: 0.03752
Exploits: 3 | References: 380

Vulnrichment
added 2025/09/27 10:32 a.m. | 3 views

CVE-2025-11056 ProjectsAndPrograms School Management System select-students.php SQL injection

A flaw has been found in ProjectsAndPrograms School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ownerpanel/fetch-data/select-students.php. This manipulation of the argument select causes SQL injection. Remote exploitation of the attack is possible...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00048
Exploits: 1 | References: 4

OpenVAS
added 2025/09/23 12:0 a.m. | 1 views

Ensure That Common Users Run Privileged Programs Using the sudo Command

The sudo command enables a specified common user to execute certain programs with the root permission. Most system management commands need to be executed by the root user. For the system administrator, properly authorizing other users can reduce the burden of the system administrator. However,...

AI score: 7.3
Exploits: 0 | References: 1

Cvelist
added 2025/09/19 9:30 a.m. | 4 views

CVE-2025-8531

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. "24082" to "27081" allows a remote...

CVSS: 6.8 | EPSS: 0.00287
Exploits: 0 | References: 3

Fedora
added 2025/09/18 12:19 a.m. | 5 views

[SECURITY] Fedora 43 Update: kernel-headers-6.17.0-0.rc6.49.fc43

Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00035
Exploits: 0

Wordfence Blog
added 2025/09/11 3:34 p.m. | 16 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 1, 2025 to September 7, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.0202
Exploits: 4

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

EulerOS 2.0 SP9 : glibc (EulerOS-SA-2025-2123)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00043
Exploits: 1 | References: 2

Cvelist
added 2025/09/09 2:10 a.m. | 5 views

CVE-2025-42929 Missing input validation vulnerability in SAP Landscape Transformation Replication Server

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database...

CVSS: 8.1 | EPSS: 0.00041
Exploits: 0 | References: 2

Microsoft CVE
added 2025/09/04 3:12 a.m. | 3 views

bpf: Prevent tail call between progs attached to different hooks

...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00005
Exploits: 0

Microsoft CVE
added 2025/09/04 2:34 a.m. | 2 views

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.

...

CVSS: 10 | AI score: 7 | EPSS: 0.01271
Exploits: 0

RedhatCVE
added 2025/09/03 4:24 a.m. | 3 views

CVE-2025-7731

Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00032
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/03 4:24 a.m. | 1 views

CVE-2025-7405

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, since MODBUS/TCP in the products does not...

CVSS: 7.3 | AI score: 7.2 | EPSS: 0.00171
Exploits: 0 | References: 1

NVD
added 2025/09/01 4:15 a.m. | 1 views

CVE-2025-7731

Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product...

CVSS: 7.5 | EPSS: 0.00032
Exploits: 0 | References: 3

NVD
added 2025/09/01 4:15 a.m. | 1 views

CVE-2025-7405

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, since MODBUS/TCP in the products does not...

CVSS: 7.3 | EPSS: 0.00171
Exploits: 0 | References: 3

The Hacker News
added 2025/08/28 8:53 a.m. | 2 views

U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two entities for their role in the North Korean remote information technology (IT) worker scheme to generate illicit revenue for the regime's weapons of mass...

AI score: 6.9
Exploits: 0

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-58036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00102
Exploits: 0 | References: 3

Packet Storm News
added 2025/08/20 12:0 a.m. | 2 views

When Machine Learning Meets Vulnerability Discovery: Challenges and Lessons Learned

In recent years, machine learning has demonstrated impressive results in various fields, including software vulnerability detection. Nonetheless, using machine learning to identify software vulnerabilities presents new challenges, especially regarding the scale of data involved, which was not a...

AI score: 6.9
Exploits: 0

Tenable Nessus
added 2025/08/19 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2014-0181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket,...

CVSS: 2.1 | AI score: 6.4 | EPSS: 0.0004
Exploits: 1 | References: 2