Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2023-34319)

The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many piece...

kernel: afs: Fix merge preference rule failure condition

In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace1. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released. Fix this by...

kernel: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix wakerbfqq UAF after bfqsplitbfqq Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfqinitrq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task...

EUVD-2025-50790

Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. Chromium security severity: Low...

CVE-2025-12446

Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. Chromium security severity: Low...

Security Evaluation of Quantum Circuit Split Compilation under an Oracle-Guided Attack

Quantum circuits are the fundamental representation of quantum algorithms and constitute valuable intellectual property IP. Multiple quantum circuit obfuscation QCO techniques have been proposed in prior research to protect quantum circuit IP against malicious compilers. However, there has not be...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989722)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989722 advisory. In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989375)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989375 advisory. In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the...

UK Court Delivers Split Verdict in Getty Images vs. Stability AI Case

In January 2023, Getty Images filed a major lawsuit in the UK High Court against Stability AI, an…...

CVE-2025-48980

In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...

Chromium: CVE-2025-12446 Incorrect security UI in SplitView

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

EUVD-2025-37235

In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...

EUVD-2023-60044

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting XSS via the Bandwidth Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVE-2025-48980

In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...

Brave Browser Desktop 安全漏洞

Brave Browser Desktop is a desktop browser from Brave USA. A security vulnerability exists in Brave Browser Desktop versions prior to 1.83.10, which stems from a failure to follow the SameSite cookie attribute for the Open Link in Split View context menu item when the Split View feature is enable...

CVE-2025-48980

In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...

CVE-2025-48980

In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...

CVE-2025-48980

Brave Browser Desktop (pre-1.83.10) with Split View enabled has a cookie handling flaw in the Open Link in Split View context menu: SameSite=Strict cookies could be sent during cross-site navigation. This is tied to Brave’s Split View behavior and affects confidentiality with cross-site requests....

PT-2025-44560

Name of the Vulnerable Software and Affected Versions Brave Browser versions prior to 1.83.10 Description The "Open Link in Split View" context menu item in Brave Browser Desktop did not correctly handle the SameSite cookie attribute when the split view feature was enabled. Specifically,...

Siemens SIMATIC Devices Heap-based Buffer Overflow (CVE-2024-0684)

A flaw was found in the GNU coreutils split program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service. This plugin only works with Tenable.ot. Please visit...