80 matches found
quantumcore-audits
QuantumCore Security Labs - Smart Contract Audit Demo This re...
From summer camp to grind season
Welcome to this week's edition of the Threat Source newsletter. This is the way the world ends This is the way the world ends This is the way the world ends Not with a bang but a whimper. - T.S. Eliot So this is how Summer Camp 2025 ends, not with a bang but a whimper. We've put the summer behind...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 (CVE-2025-36047)
Summary IBM WebSphere Application Server Liberty is affected by a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addresse...
PT-2025-35879
Name of the Vulnerable Software and Affected Versions: Android WLAN versions prior to 2025-09-05 on Google Pixel devices Description: A privilege escalation issue exists in the WLAN component of Android on Google Pixel devices. This allows for unauthorized access to system resources...
PT-2025-35887
Name of the Vulnerable Software and Affected Versions: Android WLAN versions prior to 2025-09-05 on Google Pixel devices Description: A privilege escalation issue exists in the WLAN component of Android running on Google Pixel devices. This allows for unauthorized elevation of privileges...
Exploit for Out-of-bounds Write in Cisco Rv110W_Firmware
Cisco RV CVE-2019-1663 Simulation A safe Dockerized simulatio...
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
Summary On the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value e.g., correct username with partial password. This allows access to webserver functionality...
USN-7729-1: KDE PIM vulnerabilities
Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that the KMail application of KDE PIM could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Und...
xillen-exploit-dev
Xillen Exploit Dev A tool for developing and testing...
CVE-2024-12925 Host Header Injection in Akinsoft's QR Menu
Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting. This issue affects QR Menü: from s1.05.05 before v1.05.12...
Claude Desktop Installed (Windows)
Binary data claudedesktopwininstalled.nbin...
Oracle Linux 9 : postgresql:15 (ELSA-2025-14862)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14862 advisory. - Fixes: CVE-2024-10976 CVE-2024-10978 CVE-2024-10979 - Fix CVE-2024-0985 Tenable has extracted the preceding description block directly from the Orac...
Exploit for Path Traversal in Apache Http_Server
CTFWRITEUPS-TryHackMe-CVE-2021-41773- CTFWRITEUPS/TryHackMe...
CVE-2016-0021
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-31 03:01:14+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d |
| 2026-03-21 21:03:01+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mhlwkaeapa2w... |
Linux Distros Unpatched Vulnerability : CVE-2025-29918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to a...
CGA-V9J4-97RJ-3R4X
Bulletin has no description...
CVE-2024-13984
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-29 21:02:24+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lxkxf7jybe2p |
| 2025-11-24 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2025-11-24... |
CVE-2025-9670 mixmark-io turndown commonmark-rules.js redos
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2025-30265
CVE-2025-30265 describes a buffer overflow in QNAP QTS and QuTS hero. The vulnerability arises from an application boundary error when handling untrusted input, permitting a remote attacker who has a user account to modify memory or crash processes. Affected products include QTS and QuTS hero; fi...
CVE-2025-57809 vulnerabilities
Vulnerabilities for packages: tritonserver-backend-vllm...