New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions

GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereferencing in steamrecv,sendreport It is possible for a malicious device to fail to submit a Feature Report. The HID Steam driver currently does not handle this situation and dereferences the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Added support for Van Gogh SoC. The ROG Xbox Ally non-X SoC features an architecture similar to the Steam Deck. While the Steam Deck supports S3 mode s2idle causes a crash, this feature was removed from the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam – Fixed a use-after-free issue when removing a device. When a hid-steam device is removed, it must clean up the clienthdev that was used to intercept hidraw access. This can result in deferred tasks being scheduled...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/fence: Fix oops due to non-matching drmsched init/fini Currently amdgpu calls drmschedfini from the fence driver sw fini routine - such function is expected to be called only after the respective init function -...

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.1), ai.h2o:h2o-algos (>=3.0.0.5 <=3.46.0.1) +44 more potentially affected by CVE-2026-3960 via ai.h2o:h2o-core (>=3.0.0.12 <=3.46.0.1)

ai.h2o:h2o-core MAVEN version =3.0.0.12, =3.34.0.1, =3.0.0.5, =3.0.0.5, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.1 and more Source cves: CVE-2026-3960 Source advisory: SNYK:JAVA-AIH2O-16417170...

CVE-2026-5128

A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly sensitive Steam account data, including the account username, password, identity secret, and shared secret. In...

EUVD-2026-17075

A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly sensitive Steam account data, including the account username, password, identity secret, and shared secret. In...

CVE-2026-5128

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2026-5128

...

CVE-2026-5128

...

CVE-2026-5128

CVE-2026-5128 affects ArthurFiorette steam-trader 2.1.1 and exposes sensitive Steam account data via the /users API endpoint without authentication, enabling retrieval of usernames, passwords, identity secrets, and shared secrets. Application logs may also disclose authentication artifacts (acces...

编号撤回

Steam Trader is a multi-account automatic trading tool developed by Arthur Fiorette personally. This CVE number has been withdrawn...

PT-2026-29007

Name of the Vulnerable Software and Affected Versions ArthurFiorette steam-trader version 2.1.1 Description A sensitive information exposure issue exists. An unauthenticated attacker can send a request to the /users API endpoint to retrieve sensitive Steam account data, including the account...

FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft

FBI warns gamers after malware hidden in several Steam games stole browser data and drained cryptocurrency wallets between May 2024 and January 2026...

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.1), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.1) +45 more potentially affected by CVE-2024-5986 via ai.h2o:h2o-core (>=0.1.10 <=3.46.0.1)

ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.1 and more Source cves: CVE-2024-5986 Source advisory: OSV:GHSA-WJ3H-WX8G-X699...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004879)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004879 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steamrecv,sendreport It is possible for a malicio...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21923)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21923 advisory. - In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam: Fix use-after-free when...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992923)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992923 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steamrecv,sendreport It is possible for a malicio...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992263)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992263 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steamrecv,sendreport It is possible for a malicio...