PT-2025-18894 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue in the Linux kernel has been identified where the disk_scan_partitions function is called with 'FMODE_EXCL', but blkdev_get_by_dev is called without 'FMODE_EXCL'. As a result,...
SUSE CVE-2025-22092
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path. Clean up when virtfn setup fails to prevent NULL pointer dereference during device removal. The kernel oops below occurred due to incorrect error handling flow when...
Dragonfly Security Vulnerability
Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly versions prior to 1.27.0 that stems from not checking the validity of a scan cursor, which could lead to a denial of service attack...
Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI
Exchange Server and SharePoint Server are business-critical assets and considered crown jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server now integrate with th...
Lobo Guará - Cyber Threat Intelligence Platform
Lobo Guará is a platform aimed at cybersecurity professionals, with various features focused on Cyber Threat Intelligence (CTI). It offers tools that make it easier to identify threats, monitor data leaks, analyze suspicious domains and URLs, and much more. Features: 1. SSL Certificate Search: Allows...
CVE-2025-27437 Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)
A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further...
CVE-2025-27437
CVE-2025-27437 affects SAP NetWeaver Application Server ABAP, specifically the Virus Scanner Interface. The vulnerability is a missing authorization check that allows an attacker authenticated as a non-administrative user to initiate a transaction and access but not modify non-sensitive data, wit...
April 10, 2025, update for Office 2016 (KB5002623)
April 10, 2025, update for Office 2016 (KB5002623). This article describes update 5002623 for Microsoft Office 2016 that was released on April 10, 2025. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to...
SAMSUNG Mobile devices Security Vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung (SAMSUNG). A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Apr-2025 Release 1, which stems from improper access control and could...
GHSA-V7X6-RV5Q-MHWC Picklescan missing detection when calling built-in python library function timeit.timeit()
Summary: Using the timeit.timeit function, which is a built-in Python library function, to execute a remote pickle file. Details: Pickle's deserialization process is known to allow execution of functions via the __reduce__ method. While Picklescan is meant to detect such exploits, this attack evades detection by...
PT-2025-15047 · Ibm · Ibm Maximo Application Suite
Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite version 9.0. Description: The issue allows an authenticated user to upload a file with dangerous types that could be executed by another user if opened. Recommendations: For IBM Maximo Application Suite version 9.0...
DEBIAN-CVE-2025-21983
In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq. Currently kvfree_rcu APIs use a system workqueue which is "system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning ca...
UBUNTU-CVE-2025-21983
In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq. Currently kvfree_rcu APIs use a system workqueue which is "system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning ca...
SUSE CVE-2025-21879
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking. At btrfs_scan_root we are accessing the inode's root and fs_info in a call to btrfs_fs_closing after we have scheduled the inode for a delayed iput, and that ca...
UBUNTU-CVE-2025-21879
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking. At btrfs_scan_root we are accessing the inode's root and fs_info in a call to btrfs_fs_closing after we have scheduled the inode for a delayed iput, and that ca...
How to Create a Scan in Perl to Identify Vulnerable Telnet Servers
This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable telnet servers. In the context of application security, the author provides mitigation recommendations...
JFrog Artifactory Anonymous Deployment Detected
JFrog Artifactory can be misconfigured in a way that allows an unauthenticated attacker to deploy files to certain repositories. By simply querying the repodata endpoint, the attacker can identify which repositories permit anonymous deployment. No source data...
CVE-2025-30110
On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC address verification, allowing an attacker to bypass authentication by spoofing an already-paired MAC address that can be captured via an ARP scan...
RockyLinux 9 : python3.11-PyMySQL (RLSA-2024:9194)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9194 advisory. python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039). Tenable has extracted the preceding description block directly from the RockyLinux...