[SECURITY] Fedora 42 Update: rust-interpolator-0.5.0-3.fc42
Runtime format strings, fully compatible with std's macros...
[SECURITY] Fedora 41 Update: rust-interpolator-0.5.0-3.fc41
Runtime format strings, fully compatible with std's macros...
Exploit for Code Injection in Flowiseai Flowise
CVE-2025-59528.yaml Flowise is a drag & drop user interface to...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fixed synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash occurs: Error: Synchronous external abort: 0000000096000010 1 PREEMPT SMP Workqueue:...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fixed a NULL pointer dereference in get_pd_power_uw. The get_pd_power_uw function can crash due to a NULL pointer dereference when em_cpu_get returns NULL. This occurs when a CPU becomes unavailable during runtime,...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fixed a kernel crash that occurred when the GPU was hard-reset. The GPU hard-reset sequence calls pm_runtime_force_suspend and pm_runtime_force_resume. According to their documentation, these functions should only be...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: net: vlan: Fixed an issue where the refcount imbalance of VLAN 0 occurred during runtime, due to toggling filtering. Assuming the “rx-vlan-filter” feature is enabled on a network device, the 8021q module will automatically add...
Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime (CVE-2025-53057, CVE-2025-53066)
Summary This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their October 2025 Vulnerability Advisory. For more information please refer to OpenJDK's October 2025 Vulnerability Advisory and the CVE links below. Vulnerability Details...
The Bug Report - October 2025 Edition
The Bug Report – October 2025 Edition By Jonathan Omakun · October 31, 2025 Why am I here? Welcome to October's cybersecurity horror show, where the tricks are malicious and the treats are... Well, there aren't any treats. Just vulnerabilities that would make even the most seasoned security...
Xen Security Vulnerability
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from...
0pflow (>=0.1.0-dev.0de2bc6 <=0.1.0-dev.f5622ac), 10t-images-to-pdf (=1.0.3) +13552 more potentially affected by CVE-2025-64118 via tar (>=7.5.1 <=7.5.15)
tar NPM version =7.5.1, =0.1.0-dev.0de2bc6, =0.0.1, =3.1.2, =1.0.1, =4.11.0, =1.0.1, =1.31.1, =2.0.0, =0.1.0, =0.1.0, =1.7.0-beta.7, =0.1.0, =0.1.8 and more Source cves: CVE-2025-64118 Source advisory: SNYK:JS-TAR-13782958...
CVE-2025-64135
Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...
[SECURITY] Fedora 42 Update: gammaray-3.1.0-15.fc42
A tool to poke around in a Qt-application and also to manipulate the application to some extent. It uses various DLL injection techniques to hook into an application at run-time and provide access to a lot of interesting information. GammaRay can introspect Qt 6 and Qt 5 applications...
Sweet Security Brings Runtime-CNAPP Power to Windows
Tel Aviv, Israel, 29th October 2025, CyberNewsWire...
Jenkins plugin Eggplant Runner Security Vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
Modularizing Spring Boot
Continuing our Road to GA series, this week we're exploring the modularization effort happening with Spring Boot 4. When Spring Boot 1.0 was released in 2014, it shipped with a single spring-boot-autoconfigure jar weighing in at 182 KiB. Of course, that initial version didn't support a great deal...
Compromising Trusted Execution Environments through DDR5 Memory Bus Interposition
Summary Researchers successfully executed a physical bus interposition attack targeting server-grade DDR5 memory, compromising the confidentiality of encrypted data during runtime. AMD does not plan to provide mitigations since physical vector attacks are out of scope for AMD SEV-SNP. as detailed...
Linux Distros Unpatched Vulnerability : CVE-2025-62711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in...
Exploit for Path Traversal in Oracle Configurator
🚨 CVE-2025-61884 — High-Risk Oracle EBS Configurator Info Disc...
CVE-2025-34502
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...