Lucene search
2391 matches found

RedhatCVE
added 2026/01/07 9:42 a.m. | 4 views

CVE-1999-0283

The Java Web Server would allow remote users to obtain the source code for CGI programs...

CVSS 10 | AI score 7.2 | EPSS 0.04288
Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:40 a.m. | 5 views

CVE-1999-0253

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL...

CVSS 7.5 | AI score 7.1 | EPSS 0.02987
Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:38 a.m. | 8 views

CVE-1999-0817

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet...

CVSS 10 | AI score 7 | EPSS 0.01271
Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:37 a.m. | 5 views

CVE-1999-0422

In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set...

CVSS 4.6 | AI score 6.9 | EPSS 0.00073
Exploits 0 | References 1
Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-8119

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.19.0-rc5. Description: The netdevsim driver lacks a protection mechanism for operations on the bpf_bound_progs list. Concurrent operations, specifically nsim_bpf_create_prog performing list_add_tail and nsim_bpf...

CVSS 7.8 | AI score 6.5 | EPSS 0.00068
Exploits 0 | References 353
Microsoft CVE
added 2025/12/25 9:4 a.m. | 1 views

bpf: Fix invalid prog->stats access when update_effective_progs fails

...

CVSS 5.5 | AI score 5.4 | EPSS 0.00037
Exploits 0
OSV
added 2025/12/24 12:9 p.m. | 1 views

CVE-2025-68742 bpf: Fix invalid prog->stats access when update_effective_progs fails

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix invalid prog->stats access when update_effective_progs fails. Syzkaller triggers an invalid memory access issue following fault injection in update_effective_progs. The issue can be described as follows: cgroupbpfdetach...

AI score 6.7 | EPSS 0.00037
Exploits 0 | References 9
CNNVD
added 2025/12/24 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from accessing invalid prog->stats when update_effective_progs fails, which could result in invalid memory accesses...

AI score 6.2 | EPSS 0.00037
Exploits 0 | References 5
OpenVAS
added 2025/12/19 12:0 a.m. | 1 views

Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2025-2537)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 6.7 | EPSS 0.00169
Exploits 0 | References 2
Fedora
added 2025/12/18 1:12 a.m. | 4 views

[SECURITY] Fedora 42 Update: vips-8.17.3-1.fc42

VIPS is an image processing library. It is good for very large images (even larger than the amount of RAM in your machine), and for working with color. This package should be installed if you want to use a program compiled against VIPS...

CVSS 7.8 | AI score 6.9 | EPSS 0.0002
Exploits 0
Tenable Nessus
added 2025/12/18 12:0 a.m. | 1 views

EulerOS Virtualization 2.13.0 : freetype (EulerOS-SA-2025-2572)

According to the versions of the freetype package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. (CVE-2022-31782) Tenable has extracted the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00169
Exploits 0 | References 2
Tenable Nessus
added 2025/12/18 12:0 a.m. | 1 views

EulerOS Virtualization 2.13.1 : freetype (EulerOS-SA-2025-2537)

According to the versions of the freetype package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. (CVE-2022-31782) Tenable has extracted the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00169
Exploits 0 | References 2
NVD
added 2025/12/16 2:15 p.m. | 1 views

CVE-2025-68227

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF. The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the sk_prot of sockets during protocol stack processing with sockmap's custom read/write...

EPSS 0.00058
Exploits 0 | References 7
Malwarebytes
added 2025/12/16 1:58 p.m. | 4 views

Android mobile adware surges in second half of 2025

Android users spent 2025 walking a tighter rope than ever, with malware, data‑stealing apps, and SMS‑borne scams all climbing sharply while attackers refined their business models around mobile data and access. Looking back, we may view 2025 as the year when one-off scams were replaced on the sco...

AI score 7
Exploits 0
EUVD
added 2025/12/13 3:30 a.m. | 1 views

EUVD-2025-203181

OpenPLC V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

CVSS 8 | AI score 6.4 | EPSS 0.00015
Exploits 0 | References 4
Positive Technologies
added 2025/12/13 12:0 a.m. | 4 views

PT-2025-51034

Name of the Vulnerable Software and Affected Versions: OpenPLC V3 (affected versions not specified). Description: The software is susceptible to a cross-site request forgery (CSRF) attack because of missing CSRF validation. An unauthenticated attacker can potentially trick a logged-in administrator into...

CVSS 8 | AI score 6.5 | EPSS 0.00015
Exploits 0 | References 9
Fedora
added 2025/12/05 2:11 a.m. | 3 views

[SECURITY] Fedora 43 Update: texlive-base-20230311-94.fc43

The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font...

CVSS 8.2 | AI score 7 | EPSS 0.0024
Exploits 2
OSV
added 2025/11/25 6:12 p.m. | 1 views

GO-2025-4147 Minder does not sandbox http.send in Rego programs in github.com/mindersec/minder

Minder does not sandbox http.send in Rego programs in github.com/mindersec/minder...

CVSS 8.5 | AI score 7 | EPSS 0.0006
Exploits 0 | References 2
CVE
added 2025/11/21 9:56 p.m. | 11 views

CVE-2025-65109

Summary (CVE-2025-65109) Minder exposes a risk where the Minder server can fetch content (potentially including restricted URLs) due to insufficient sandboxing of http.send in Rego policy evaluation. Affected: Minder Helm v0.20241106.3386+ref.2507dbf and Minder Go v0.0.72–0.0.83. Impact: access t...

CVSS 8.5 | AI score 6.4 | EPSS 0.0006
Exploits 0 | References 2
Wallarm Lab
added 2025/11/21 12:0 p.m. | 5 views

APIs Are the Retail Engine: How to Secure Them This Black Friday

Can you ever imagine the impact on your business if it went offline on Black Friday or Cyber Monday due to a cyberattack? Black Friday is the biggest day in the retail calendar. It’s also the riskiest. As you gear up for huge surges in online traffic, ask yourself: have you protected the APIs on...

AI score 7.7
Exploits 0