175 matches found
CVE-2026-2636
This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash...
CVE-2026-2636 Denial of Service in Microsoft OS
This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash...
PT-2026-21986
Name of the Vulnerable Software and Affected Versions: Windows versions prior to September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025; Windows 11 23H2 and earlier. Description: The issue is caused by improper handling of invalid use of special elements within the CLFS.sys...
Description of the security update for SharePoint Server 2019: February 10, 2026 (KB5002834)
Description of the security update for SharePoint Server 2019: February 10, 2026 (KB5002834). Summary: Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're...
CVE-2025-11065
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations
Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. Th...
CVE-2025-10922
GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
Wordfence Bug Bounty Program Monthly Report – September 2025
Last month in September 2025, the Wordfence Bug Bounty Program received 374 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the...
NVIDIA HGX and DGX VBIOS and LS10 - September 2025 - Lenovo Support US
No description provided...
Dark Web Roast - September 2025 Edition
Dark Web Roast - September 2025 Edition. By Trellix Advanced Research Center · October 14, 2025. Executive Summary: September 2025 brought us a delightful buffet of underground incompetence that makes one wonder if cybercriminals are actively competing for the "Most Spectacular Failure" award. From...
EUVD-2025-27294
Malicious code in bioql PyPI...
EUVD-2025-27690
Malicious code in bioql PyPI...
EUVD-2025-27691
Malicious code in bioql PyPI...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for September 2025.
Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF005. These vulnerabilities have also been addressed in 25.0.0-IF001 and 24.0.0-IF004. Vulnerability Details: CVEID: CVE-2025-48997. DESCRIPTION: Multer is a node.js middleware for handling...
Security Bulletin: NVIDIA App - September 2025
NVIDIA has released a software update for NVIDIA App. To protect your system, download and install the latest version of NVIDIA App from the NVIDIA App site. Go to NVIDIA Product Security...
Malicious code in matplotliv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 491ff5ae8247837ff9be18d46366f453395dab2413f44f6251aff0b271f7d25b Typosquatting package collecting, but not exfiltrating thus fulfilling the educational promise, sensitive data --- Category: PROBABLYPENTEST - Packages looking...
CVE-2025-60018
glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write, resulting in an out of bounds read...
CVE-2025-55557
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS)...
Cisco IOS XE Software Web Authentication Reflected Cross-Site Scripting Vulnerability
A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could...