CVE-2025-71146

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. In order to solve it make sure that the check is...

UBUNTU-CVE-2025-71146

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. In order to solve it make sure that the check is...

CVE-2025-71146

CVE-2025-71146 affects the Linux kernel, specifically the netfilter nf_conncount subsystem. The issue is a leak of ct (connection tracking) objects in error paths where the refcounted check was skipped and the function returned early. The root cause, per the description, is that the refcounted ch...

CVE-2025-71146

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. In order to solve it make sure that the check is...

CVE-2025-71146

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. In order to solve it make sure that the check is...

Exploit for CVE-2025-36911

WhisperPair Exploit Toolkit CVE-2025-36911 !Python 3.8+...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-0765 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-0765 Source advisory: SNYK:PYTHON-OPENWEBUI-15092093...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-0766 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-0766 Source advisory: SNYK:PYTHON-OPENWEBUI-15091593...

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by a leak in connection tracking in the wrong path, which may lead to reference counting issues...

Google to Pay $8.25M Settlement Over Child Data Tracking in Play Store

Is your child's data safe? Google settles for $8.25M over claims it tracked kids under 13 without parental…...

EUVD-2026-4106

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SEOSEON EUROPE S.L Affiliate Link Tracker affiliate-link-tracker allows Stored XSS.This issue affects Affiliate Link Tracker: from n/a through = 0.2...

CVE-2026-22850

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

EU Launches GCVE to Track Vulnerabilities Without Relying on US

The new EU-funded GCVE project is breaking dependence on US databases to track software flaws. Discover how this decentralised system aims to ensure global cybersecurity...

Google will pay $8.25m to settle child data-tracking allegations

Google has settled yet another class-action lawsuit accusing it of collecting children’s data and using it to target them with advertising. The tech giant will pay $8.25 million to address allegations that it tracked data on apps specifically designated for kids. AdMob's mobile data collection Th...

Linux Distros Unpatched Vulnerability : CVE-2026-23952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference...

EUVD-2026-3300

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryCreated=. Version 0.70.0 fixes the issue...

CVE-2026-22850

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

EUVD-2026-3319

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

A week in security (January 12 – January 18)

Last week on Malwarebytes Labs: WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping Dutch police sell fake tickets to show how easily scams work "Reprompt" attack lets attackers steal data from Microsoft Copilot Phishing scammers are posting fake "account restricted...

PT-2026-3453

Name of the Vulnerable Software and Affected Versions Koko Analytics versions prior to 2.1.3 Description Koko Analytics, an open-source analytics plugin for WordPress, is susceptible to arbitrary SQL execution due to unescaped analytics export/import and permissive admin SQL import. Unauthenticat...