
2639 matches found

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989819)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989819 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in ep_remove_wait_queue. If a non-root cgroup gets removed when there i...

CVSS 7.8 | AI score 6.1 | EPSS 0.00022 | Exploits 0 | References 4
Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989899)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989899 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix not cleanup led when bt_init fails. bt_init calls bt_leds_init to register led, but if ...

CVSS 5.5 | AI score 5.9 | EPSS 0.00012 | Exploits 0 | References 4
CNNVD
added 2025/11/04 12:0 a.m. | 4 views

Qualcomm Chipsets security vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a remote device sending an invalid connection request during a BT connectable LE scan, which could result in a transient denial of service...

CVSS 6.5 | AI score 6.7 | EPSS 0.00009 | Exploits 0 | References 1
AstraLinux
added 2025/11/01 10:54 a.m. | 3 views

Astra Linux - vulnerability in pam

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

CVSS 4.7 | AI score 5.6 | EPSS 0.00042 | Exploits 0 | References 3
EUVD
added 2025/10/31 12:30 a.m. | 2 views

EUVD-2023-60048

Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting (XSS) via the Snapshots Page. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in the victim’s browser within the application...

CVSS 5.1 | AI score 4.8 | EPSS 0.00478 | Exploits 0 | References 3
The Hacker News
added 2025/10/30 2:45 p.m. | 7 views

New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. "It allows any Chromium browser to collapse in 15-60 seconds...

AI score 6.9 | Exploits 0
Debian CVE
added 2025/10/29 6:2 p.m. | 3 views

CVE-2025-11232

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS...

CVSS 7.5 | AI score 5.2 | EPSS 0.00036 | Exploits 0
OSV
added 2025/10/29 3:31 p.m. | 2 views

GHSA-MRPQ-9JR3-RQQ9 Jenkins MCP Server Plugin does not perform permission checks in multiple MCP tools

Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in several MCP tools. This allows to do the following: - Attackers with Item/Read permission can obtain information about the configured SCM in a job despite lacking Item/Extended Read permission getJobScm...

CVSS 5.4 | AI score 6.5 | EPSS 0.00017 | Exploits 0 | References 5
Github Security Blog
added 2025/10/29 3:31 p.m. | 4 views

Jenkins MCP Server Plugin does not perform permission checks in multiple MCP tools

Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in several MCP tools. This allows to do the following: - Attackers with Item/Read permission can obtain information about the configured SCM in a job despite lacking Item/Extended Read permission getJobScm...

CVSS 5.4 | AI score 6.5 | EPSS 0.00017 | Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2025/10/29 1:29 p.m. | 4 views

CVE-2025-64132

Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access...

EPSS 0.00017 | Exploits 0 | References 1
CNNVD
added 2025/10/29 12:0 a.m. | 3 views

Jenkins plugin MCP Server security vulnerability

Jenkins and Jenkins plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 5.4 | AI score 6.5 | EPSS 0.00017 | Exploits 0 | References 2
Cvelist
added 2025/10/28 12:0 a.m. | 5 views

CVE-2025-61235

An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device...

EPSS 0.001 | Exploits 0 | References 1
Tenable Nessus
added 2025/10/27 12:0 a.m. | 3 views

Siemens SIMATIC Devices Use After Free (CVE-2024-43830)

In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate. Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate callback and freed by the deactivat...

CVSS 7.8 | AI score 6.2 | EPSS 0.00013 | Exploits 0 | References 2
Tenable Nessus
added 2025/10/27 12:0 a.m. | 1 views

Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2024-26920)

In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 5.5 | AI score 6.4 | EPSS 0.00008 | Exploits 0 | References 2
Tenable Nessus
added 2025/10/22 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-61771

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a...

CVSS 7.5 | AI score 6.9 | EPSS 0.00107 | Exploits 0 | References 2
Malwarebytes
added 2025/10/21 10:33 a.m. | 3 views

You can poison AI with just 250 dodgy documents

Researchers have shown how you can corrupt an AI and make it talk gibberish by tampering with just 250 documents. The attack, which involves poisoning the data that an AI trains on, is the latest in a long line of research that has uncovered vulnerabilities in AI models. Anthropic, which produces...

AI score 7.3 | Exploits 0
CNVD
added 2025/10/21 12:0 a.m. | 3 views

WordPress Ally plugin stack buffer overflow vulnerability

WordPress Ally plugin is a free and open source WordPress plugin, mainly used to improve website accessibility and to help users simplify the website accessibility process. A stack buffer overflow vulnerability exists in the WordPress Ally plugin, which originates from the...

CVSS 4.3 | AI score 7.2 | EPSS 0.00019 | Exploits 0 | References 1
CNNVD
added 2025/10/20 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling invalid entity IDs, which could cause an entity to reference itself or trigger a warning...

AI score 5.9 | EPSS 0.00057 | Exploits 0 | References 6
VulnCheck KEV
added 2025/10/20 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2022-28054

Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value...

CVSS 9.8 | AI score 6.2 | EPSS 0.01614 | In wild | Exploits 0 | References 2
RedhatCVE
added 2025/10/15 1:45 p.m. | 2 views

CVE-2025-41707

The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality...

CVSS 5.3 | AI score 6.9 | EPSS 0.00229 | Exploits 0 | References 1