On world password day, Microsoft says fewer passwords, more passkeys
And we agree. If there is a cybersecurity-themed day that we would like to get rid of as soon as possible, it’s world password day. Sorry, old friend, but you’re outdated, and it looks like your days are numbered. Let's switch to passkeys. To quote Microsoft: “As the world shifts from passwords to...
CVE-2025-46560 vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...
phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
Summary: A critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens e.g., , with repeated tokens based on precomputed lengths. Due to inefficient list concatenation operations, the...
Security Bulletin: UC Deploy Container images may contain non-unique https certificates and database encryption key. (CVE-2021-39082)
Summary: CVE-2021-39082. The provided UC Deploy Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. Vulnerability Details...
CVE-2025-3519
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu is assigned a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets access to such a file ID...
USN-7431-2 haproxy vulnerability
USN-7431-1 fixed a vulnerability in HAProxy. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a...
CVE-2025-3519 Replace uploaded files knowing the file upload ID
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu is assigned a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets access to such a file ID...
CVE-2025-3519
Summary: CVE-2025-3519 is an authorization bypass in Unblu Spark that allows a conversation participant to replace an existing uploaded file by using the file’s UUID. The issue affects Unblu Spark versions 8.0.0–8.12.1 and 8.13.1, enabling file replacement without altering the file name, uploader...
PT-2025-17491 · Unblu · Unblu Spark
Name of the Vulnerable Software and Affected Versions: Unblu Spark versions 8.0.0 through 8.12.1; Unblu Spark version 8.13.1. Description: An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned...
Unblu Spark Security Vulnerability
Unblu Spark is a key component in a conversation-centered digital customer experience platform from Swiss company Unblu. A security vulnerability exists in Unblu Spark that stems from the ability of conversation participants to replace uploaded files...
[SECURITY] Fedora 41 Update: uv-0.6.14-3.fc41
An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...
[SECURITY] Fedora 42 Update: uv-0.6.14-3.fc42
An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...
UBUNTU-CVE-2025-38104
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV. RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment, including TLB...
CVE-2025-38104 drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV. RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment, including TLB...
The vulnerability in the implementation of Autofill functions in Google Chrome and Microsoft Edge browsers allows a hacker to replace the user’s interface.
The vulnerability of the Autofill function in Google Chrome and Microsoft Edge lies in information representation errors at the user interface level. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...
Security update for Multi-Linux Manager 5.0: Server, Proxy and Retail Server
Description: This update fixes the following issues: proxy-helm: Version 5.0.12: Image rebuilt to the newest version with updated dependencies; proxy-httpd-image: Version 5.0.10: Fixed wrong IP address set on susemanager-tftpsync-recv.conf; Image rebuilt to the newest version with updated...
CVE-2025-30510
An attacker can upload an arbitrary file instead of a plant image...
USN-7431-1 haproxy vulnerability
Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a longer one. A remote attacker could use this issue to cause HAProxy to crash, resulting in a denial of service, or possibly execute...