
1561 matches found

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 2 views

Malicious code in salt-surface-indicate (npm)

The package salt-surface-indicate was found to contain malicious code...

AI score: 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 1 view

MAL-2025-45952 Malicious code in salt-surface-indicate (npm)

The package salt-surface-indicate was found to contain malicious code...

AI score: 7
Exploits: 0

RedhatCVE
added 2025/09/05 1:28 p.m. | 4 views

CVE-2024-13066

Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking. This issue affects LimonDesk: from s1.02.14 before v1.02.17...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00166
Exploits: 0 | References: 1

OSV
added 2025/09/04 10:48 a.m. | 2 views

SUSE-SU-2025:03075-1 Security update for gimp

This update for gimp fixes the following issues: - CVE-2025-2760: lack of proper validation of user-supplied data in DDS parser can lead to integer overflow and remote code execution bsc1241690...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.06186
Exploits: 0 | References: 3

The Hacker News
added 2025/09/04 10:10 a.m. | 10 views

Simple Steps for Attack Surface Reduction

Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencin...

AI score: 7.4
Exploits: 0

ATTACKERKB
added 2025/09/04 4:59 a.m. | 4 views

CVE-2025-36907

In draw_surface_image of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for...

CVSS: 7.3 | AI score: 6.2 | EPSS: 0.0008
Exploits: 0 | References: 2

CVE
added 2025/09/04 4:59 a.m. | 28 views

CVE-2025-36907

CVE-2025-36907 affects the Android Pixel stack: a heap buffer overflow in the draw_surface_image() function of abl/android/lib/draw/draw.c allows an out-of-bounds write. This can lead to local elevation of privilege via USB fastboot after a bootloader unlock, with no additional execution privileg...

CVSS: 7.3 | AI score: 6.7 | EPSS: 0.0008
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/09/04 4:59 a.m. | 5 views

CVE-2025-36907

In draw_surface_image of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for...

EPSS: 0.0008
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/04 4:59 a.m. | 1 view

CVE-2025-36907

In draw_surface_image of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for...

AI score: 6.7 | EPSS: 0.0008
Exploits: 0 | References: 1

OSV
added 2025/09/01 12:00 a.m. | 2 views

PUB-A-418774137

In draw_surface_image of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for...

CVSS: 7.3 | AI score: 7.3 | EPSS: 0.0008
Exploits: 0 | References: 1

Positive Technologies
added 2025/08/19 12:00 a.m. | 2 views

PT-2025-44141

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc2-g3ee3f6e1202e 335. Description: The Linux kernel contains a flaw within the drm/msm subsystem related to Shared Surface Private Pointer (SSPP) validation. The current code validates SSPP for both the curre...

CVSS: 4.6 | AI score: 5.5 | EPSS: 0.00154
Exploits: 0

CVE
added 2025/08/16 1:02 a.m. | 20 views

CVE-2025-55286

The CVE-2025-55286 issue affects z2d v0.7.0/v0.7.0-era MSAA buffering. Under scenarios where a drawn path lies wholly or partly outside the rendering surface, incorrect bounding can cause out-of-bounds access in the coverage buffer, impacting high-level operations (Context.fill/stroke, painter.fi...

CVSS: 7.3 | AI score: 6.8 | EPSS: 0.00125
Exploits: 0 | References: 3

The Hacker News
added 2025/08/14 11:25 a.m. | 6 views

Have You Turned Off Your Virtual Oven?

You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlike...

AI score: 7.4
Exploits: 0

The Hacker News
added 2025/08/13 9:30 a.m. | 5 views

Webinar: What the Next Wave of AI Cyberattacks Will Look Like — And How to Survive

The AI revolution isn't coming. It's already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work. But here's the uncomfortable truth: Attackers are evolving just as fast. Every leap forward in AI gives bad...

AI score: 7.3
Exploits: 0

Tenable Nessus
added 2025/08/12 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-4576

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation which resulted in a heap buffer overflow potentially leaking sensitive data that...

CVSS: 8.6 | AI score: 8.4 | EPSS: 0.00688
Exploits: 0 | References: 2

CISA
added 2025/07/29 12:00 p.m. | 3 views

CISA Releases Part One of Zero Trust Microsegmentation Guidance

CISA released Microsegmentation in Zero Trust, Part One: Introduction and Planning as part of its ongoing efforts to support Federal Civilian Executive Branch (FCEB) agencies implementing zero trust architectures (ZTAs). This guidance provides a high-level overview of microsegmentation, focusing on i...

AI score: 7.1
Exploits: 0 | References: 2

The Hacker News
added 2025/07/17 11:00 a.m. | 3 views

CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025

The modern-day threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity measures that are purely passive and reactive, and in most cases, ineffective against emerging threats and sophisticated threat actors. Prioritizing cybersecurity means implementin...

AI score: 7.2
Exploits: 0

Rapid7 Blog
added 2025/07/14 2:07 p.m. | 2 views

Coverage Plus Context Equals Intelligent Exposure Management

Common Vulnerabilities and Exposures (CVEs) is the standardized directory of publicly known software flaws that attackers can exploit to carry out cyber attacks. Vulnerability management solutions scan for CVEs to give you a list of all the gaps in your attack surface, but the volume of new...

AI score: 7.2
Exploits: 0

Veracode
added 2025/07/13 6:00 a.m. | 4 views

Sensitive Information Disclosure

parse-server is vulnerable to Sensitive Information Disclosure. The vulnerability is due to allowing public introspection of schema metadata without requiring a session token or master key, potentially aiding attackers in mapping the API surface...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.00814
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2025/07/10 3:18 p.m. | 23 views

CVE-2025-53364 Parse Server exposes the data schema via GraphQL API

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...

CVSS: 5.3 | EPSS: 0.00814
Exploits: 0 | References: 3