CVE-2025-61229

Connected documents confirm a concrete vulnerability in Shirt Pocket’s SuperDuper!

CVE-2025-61229

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls...

CVE-2025-63317

Todoist v8896 is vulnerable to Cross Site Scripting XSS in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment...

CVE-2025-61229

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls...

Securing Large Language Models (LLMs) from Prompt Injection Attacks

Large Language Models LLMs are increasingly being deployed in real-world applications, but their flexibility exposes them to prompt injection attacks. These attacks leverage the model's instruction-following ability to make it perform malicious tasks. Recent work has proposed JATMO, a task-specif...

ASB-A-326571066

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

EUVD-2025-198853

Malicious code in @quick-start-soft/quick-task-refine npm...

Malicious code in @quick-start-soft/quick-task-refine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b916ec147b8ea7421a203e04aee7554ffafacffd6a0aa576031a36f8773dc41 The package @quick-start-soft/quick-task-refine was found to contain malicious code. Source: ghsa-malware...

PT-2026-2514

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's SCSI target functionality. Specifically, if memory allocation for cmd-t task cdb fails, the pointer remains NULL and is subsequently dereferenced,...

DualTAP: A Dual-Task Adversarial Protector for Mobile MLLM Agents

The reliance of mobile GUI agents on Multimodal Large Language Models MLLMs introduces a severe privacy vulnerability: screenshots containing Personally Identifiable Information PII are often sent to untrusted, third-party routers. These routers can exploit their own MLLMs to mine this data,...

CVE-2025-40178

In the Linux kernel, the following vulnerability has been resolved: pid: Add a judgment for ns null in pidnrns taskpidnrns ns = taskactivepidnscurrent; pidnrnsrcudereferencetaskpidptrtask, type, ns; if pid && ns-level level Sometimes null is returned for taskactivepidns. Then it will trigger kern...

EUVD-2025-150373

In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of tasklocktsk-groupleader in sysprlimit64 paths The usage of tasklocktsk-groupleader in sysprlimit64-doprlimit path is very broken. sysprlimit64 does gettaskstructtsk but this only protects...

DEBIAN-CVE-2025-40201

In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of tasklocktsk-groupleader in sysprlimit64 paths The usage of tasklocktsk-groupleader in sysprlimit64-doprlimit path is very broken. sysprlimit64 does gettaskstructtsk but this only protects...

DEBIAN-CVE-2025-40178

In the Linux kernel, the following vulnerability has been resolved: pid: Add a judgment for ns null in pidnrns taskpidnrns ns = taskactivepidnscurrent; pidnrnsrcudereferencetaskpidptrtask, type, ns; if pid && ns-level level Sometimes null is returned for taskactivepidns. Then it will trigger kern...

UBUNTU-CVE-2025-40178

In the Linux kernel, the following vulnerability has been resolved: pid: Add a judgment for ns null in pidnrns taskpidnrns ns = taskactivepidnscurrent; pidnrnsrcudereferencetaskpidptrtask, type, ns; if pid && ns-level level Sometimes null is returned for taskactivepidns. Then it will trigger kern...

CVE-2025-40201

CVE-2025-40201: Linux kernel vulnerability in sys_prlimit64() handling of task_lock(tsk->group_leader). The issue stems from racing when tsk is not current or not a leader, where task_lock(tsk->group_leader) may reference an already freed task_struct. It can also race with mt-exec changing ...

CVE-2025-40178 pid: Add a judgment for ns null in pid_nr_ns

In the Linux kernel, the following vulnerability has been resolved: pid: Add a judgment for ns null in pidnrns taskpidnrns ns = taskactivepidnscurrent; pidnrnsrcudereferencetaskpidptrtask, type, ns; if pid && ns-level level Sometimes null is returned for taskactivepidns. Then it will trigger kern...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a task-lock contention condition that could lead to process management errors...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990861)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990861 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after free in pxafbtask In the pxafbprobe function, it calls the...

kernel: sched/rt: Fix race in push_rt_task

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in pushrttask Overview ======== When a CPU chooses to call pushrttask and picks a task to push to another CPU's runqueue then it will call findlocklowestrq method which would take a double lock on both CPUs'...