1365 matches found
CVE-2025-25450
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint...
MyTaag security vulnerability
MyTaag is a digital business card platform from MyTaag, Inc. designed to help users create, manage and share their professional identities online. A security vulnerability exists in MyTaag v.2024-11-24 and prior versions, which stems from a second factor activated via the /session endpoint...
Embedded Malicious Code
Overview: cdn-icon-fetcher-help is a malicious package. Affected versions of this package are vulnerable to Embedded Malicious Code. Once this package is installed and executed, it downloads a JavaScript file from a cdn-static-seven.vercel.app URL, which appears to be an image hosting site. Howeve...
Embedded Malicious Code
Overview: cdn-icon-fetch is a malicious package. Affected versions of this package are vulnerable to Embedded Malicious Code. Once this package is installed and executed, it downloads a JavaScript file from a cdn-static-server.vercel.app URL, which appears to be an image hosting site. However, by...
CVE-2025-1821
creationtimestamp | type | source
---|---|---
2025-03-02 19:28:44+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6107
2025-03-02 20:28:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ljgblkm6t523
2025-03-02 21:07:20+00:00 | seen | ...
SUSE CVE-2025-21747
In the Linux kernel, the following vulnerability has been resolved: drm/ast: astdp: Fix timeout for enabling video signal The ASTDP transmitter sometimes takes up to 1 second for enabling the video signal, while the timeout is only 200 msec. This results in a kernel error message. Increase the...
UBUNTU-CVE-2025-21747
In the Linux kernel, the following vulnerability has been resolved: drm/ast: astdp: Fix timeout for enabling video signal The ASTDP transmitter sometimes takes up to 1 second for enabling the video signal, while the timeout is only 200 msec. This results in a kernel error message. Increase the...
CVE-2025-21747 drm/ast: astdp: Fix timeout for enabling video signal
In the Linux kernel, the following vulnerability has been resolved: drm/ast: astdp: Fix timeout for enabling video signal The ASTDP transmitter sometimes takes up to 1 second for enabling the video signal, while the timeout is only 200 msec. This results in a kernel error message. Increase the...
Linux kernel resource management error vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel, which stems from a post-release reuse of the pps driver...
PT-2025-7331 · WordPress · The Ultimate Member
Name of the Vulnerable Software and Affected Versions: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress versions up to, and including, 2.9.2 Description: The issue is related to second-order SQL Injection via...
AZL-56831 CVE-2025-21694 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in readvmcore part 2 Since commit 5cbcb62dddf5 "fs/proc: fix softlockup in readvmcore" the number of softlockups in readvmcore at kdump time have gone down, but they still happen sometimes. In a memory...
Astra Linux - vulnerability in waitress
Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recv_bytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default), Waitress won't read any more requests, and when th...
[SECURITY] [DLA 4040-1] pam-u2f security update
Debian LTS Advisory DLA-4040-1, https://www.debian.org/lts/security/, Emilio Pozuelo Monfort, February 03, 2025, https://wiki.debian.org/LTS ...
CVE-2025-24365
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization in real case the user can be a part of the organization as an unprivileged user and be...
A week in security (January 20 – January 26)
Last week on Malwarebytes Labs: Your location or browsing habits could lead to price increases when buying online; AI tool GeoSpy analyzes images and identifies locations in seconds; 7-Zip bug could allow a bypass of a Windows security feature. Update now; Warning: Don’t sell or buy a second hand...
Warning: Don’t sell or buy a second hand iPhone with TikTok already installed
After TikTok was briefly banned in the US last weekend, an unusual phenomenon unearthed. Reportedly, people are selling iPhones that have TikTok installed for up to $25,000. This may require some explanation, so bear with me. TikTok has had a rough time in the US the last weeks. The ban we...
Malicious code in fast-utilz (npm)
This package downloads a second stage payload via Discord. Source: ghsa-malware (e23b4a6118c13cf6e7d7bc0318d4ff3f1d25bbc1cb4db2a8a4676cdb4777e232). Any computer that has this package installed or running should be considered fully compromised...
MAL-2025-614 Malicious code in fast-utilz (npm)
This package downloads a second stage payload via Discord. Source: ghsa-malware (e23b4a6118c13cf6e7d7bc0318d4ff3f1d25bbc1cb4db2a8a4676cdb4777e232). Any computer that has this package installed or running should be considered fully compromised...