3764 matches found

SUSE CVE
added 2025/12/08 12:23 a.m. | 2 views

SUSE CVE-2025-40281

In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto. syzbot reported a possible shift-out-of-bounds [1]. Blamed commit added rto_alpha_max and rto_beta_max set to 1000. It is unclear if some sctp users are setting very...

6.4 AI score | 0.00117 EPSS
Exploits 0 | References 3
Debian CVE
added 2025/12/06 9:51 p.m. | 3 views

CVE-2025-40281

In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto. syzbot reported a possible shift-out-of-bounds [1]. Blamed commit added rto_alpha_max and rto_beta_max set to 1000. It is unclear if some sctp users are setting very...

5.3 AI score | 0.00117 EPSS
Exploits 0
RedhatCVE
added 2025/12/06 4:45 p.m. | 6 views

CVE-2025-14092

A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed...

7.2 CVSS | 6.8 AI score | 0.00256 EPSS
Exploits 1 | References 1
EUVD
added 2025/12/05 6:31 p.m. | 3 views

EUVD-2025-201416

A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed...

5.8 CVSS | 6.4 AI score | 0.00256 EPSS
Exploits 1 | References 5
EUVD
added 2025/12/05 4:32 p.m. | 3 views

EUVD-2025-201448

A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. Th...

5.8 CVSS | 6.5 AI score | 0.00293 EPSS
Exploits 1 | References 5
Vulnrichment
added 2025/12/05 4:32 p.m. | 3 views

CVE-2025-14093 Edimax BR-6478AC V3 formTracerouteDiagnosticRun sub_416990 os command injection

A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. Th...

5.8 CVSS | 6.6 AI score | 0.00293 EPSS
Exploits 1 | References 4
EUVD
added 2025/12/04 9:2 p.m. | 3 views

EUVD-2025-201280

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

8.4 CVSS | 7 AI score | 0.00016 EPSS
Exploits 0 | References 3
RedhatCVE
added 2025/12/04 12:30 p.m. | 6 views

CVE-2025-13342

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run save handler. This makes it...

9.8 CVSS | 6 AI score | 0.00076 EPSS
Exploits 2 | References 1
GithubExploit
added 2025/12/04 12:13 p.m. | 129 views

SAP-Nuclei-Templates

SAP-Nuclei-Templates Nuclei Templates fo...

7 AI score
Exploits 0
Vulnrichment
added 2025/12/03 5:0 p.m. | 2 views

CVE-2025-20381 SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool

In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions...

5.4 CVSS | 6.6 AI score | 0.00051 EPSS
Exploits 0 | References 1
Cvelist
added 2025/12/03 5:0 p.m. | 13 views

CVE-2025-20381 SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool

In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions...

5.4 CVSS | 0.00051 EPSS
Exploits 0 | References 1
CVE
added 2025/12/03 5:0 p.m. | 5 views

CVE-2025-20381

In Splunk MCP Server App

5.4 CVSS | 6.6 AI score | 0.00051 EPSS
Exploits 0 | References 1
HackRead
added 2025/12/03 12:7 p.m. | 3 views

Fixing a Slow SOC: Top 3 Solutions that Actually Work

Smarter SOC performance with faster triage, proactive defence, and a unified stack powered by instant alert context from ANY.RUN to cut MTTD and MTTR...

7 AI score
Exploits 0
Positive Technologies
added 2025/12/03 12:0 a.m. | 7 views

PT-2025-48806

Name of the Vulnerable Software and Affected Versions: Frontend Admin by DynamiApps plugin for WordPress versions through 3.28.20. Description: The Frontend Admin by DynamiApps plugin for WordPress is susceptible to unauthorized modification of arbitrary WordPress options. This is a result of...

9.8 CVSS | 6.3 AI score | 0.00076 EPSS
Exploits 2 | References 7
The Hacker News
added 2025/12/02 3:0 p.m. | 4 views

Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera

A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea's most persistent infiltration schemes: a network of remot...

7.1 AI score
Exploits 0
RedhatCVE
added 2025/12/02 6:3 a.m. | 4 views

CVE-2025-0007

Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability...

5.7 CVSS | 6.7 AI score | 0.00013 EPSS
Exploits 0 | References 1
CVE
added 2025/12/02 1:24 a.m. | 5 views

CVE-2025-58486

CVE-2025-58486 affects Samsung Account prior to version 15.5.01.1 due to improper input validation, enabling a local attacker to execute arbitrary script. Multiple sources (Red Hat, NVD, CVE lists, CNVD, ENISA EUVD) consistently identify the same flaw and impact. The affected so...

5.5 CVSS | 6.7 AI score | 0.00027 EPSS
Exploits 0 | References 1 | Affected Software 1
OpenVAS
added 2025/12/01 12:0 a.m. | 2 views

Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Feb 2023)

This host is missing a critical security update according to Microsoft Office Click-to-Run update February 2023. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

7.3 CVSS | 7.5 AI score | 0.02083 EPSS
Exploits 0 | References 3
OSV
added 2025/11/28 12:51 p.m. | 1 views

OESA-2025-2753 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

7.8 CVSS | 6.4 AI score | 0.00007 EPSS
Exploits 1 | References 3
CNVD
added 2025/11/27 12:0 a.m. | 2 views

AMD Xilinx Run Time Buffer Overflow Vulnerability

AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. A buffer overflow vulnerability exists in AMD Xilinx Run Time, which can be exploited by an attacker to cause the reading or corrupti...

7.3 CVSS | 7.4 AI score | 0.00017 EPSS
Exploits 0 | References 1