Android Developer Verification Rollout Begins Ahead of September Enforcement

Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesi...

CVE-2026-2636

This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash...

CVE-2026-2636

This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash...

CVE-2026-2636

CVE-2026-2636 affects the CLFS.sys driver via CWE-159 (Improper Handling of Invalid Use of Special Elements), causing an unrecoverable inconsistency that can trigger KeBugCheckEx and crash the system. Documented impact is Denial of Service/local crash with availability impact HIGH, while confiden...

CVE-2026-2636 Denial of Service in Microsoft OS

This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash...

CVE-2026-2636 Denial of Service in Microsoft OS

This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash...

PT-2026-21986

Name of the Vulnerable Software and Affected Versions Windows versions prior to September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025 Windows 11 23H2 and earlier Description The issue is caused by improper handling of invalid use of special elements within the CLFS.sys...

Description of the security update for SharePoint Server 2019: February 10, 2026 (KB5002834)

Description of the security update for SharePoint Server 2019: February 10, 2026 KB5002834 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're...

CVE-2025-11065

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. Th...

CVE-2022-42187

Hustoj 22.09.22 has a XSS Vulnerability in /admin/problemjudge.php...

CVE-2019-20568

An issue was discovered on Samsung mobile devices with O8.x and P9.0 devices Exynos and Qualcomm chipsets software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 September 2019...

CVE-2019-20570

An issue was discovered on Samsung mobile devices with P9.0, O8.0, and N7.1 software. Attackers can bypass Factory Reset Protection FRP via Smart Switch. The Samsung ID is SVE-2019-15138 September 2019...

CVE-2019-20545

An issue was discovered on Samsung mobile devices with O8.x and P9.0 Exynos chipsets software. A buffer overflow in the HDCP Trustlet affects secure TEEGRIS memory. The Samsung ID is SVE-2019-15283 November 2019...

CVE-2025-10922

GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

Wordfence Bug Bounty Program Monthly Report – September 2025

Last month in September 2025, the Wordfence Bug Bounty Program received 374 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the...

EUVD-2025-34923

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders...

NVIDIA HGX and DGX VBIOS and LS10 - September 2025 - Lenovo Support US

No description provided...

Dark Web Roast - September 2025 Edition

Dark Web Roast - September 2025 Edition By Trellix Advanced Research Center · October 14, 2025 Executive Summary September 2025 brought us a delightful buffet of underground incompetence that makes one wonder if cybercriminals are actively competing for the "Most Spectacular Failure" award. From...

EUVD-2019-11109

Malware in sbrugna...