Astra Linux - уязвимость в openldap

In OpenLDAP versions 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function due to a malicious packet. This leads to a denial of service daemon exits caused by a short timestamp. This issue is related to the schemainit.c file and the...

EUVD-2026-25857

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

pip 安全漏洞

pip is a Python package installer developed by the Python Packaging Authority. Versions of pip prior to 26.1 contained security vulnerabilities. These vulnerabilities stemmed from the self-update check feature, which ran after the installation of wheel files, potentially leading to the import of...

JLSEC-2026-173

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service daemon exit via a short timestamp. This is related to schemainit.c and checkTime...

Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka

A previously undocumented macOS infostealer has surfaced during our routine threat hunting. We initially tracked it as NukeChain , but shortly before publication, the malware’s operator panel became publicly visible, revealing its real name: Infiniti Stealer. This malware is designed to steal...

Zoom Workplace VDI Client 6.6 < 6.6.11 Vulnerability (ZSB-26002)

The version of Zoom Workplace VDI Client installed on the remote host is between 6.6 and 6.6.11. It is, therefore, affected by a vulnerability as referenced in the ZSB-26002 advisory. - Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an...

High-severity Qualcomm bug hits Android devices in targeted attacks

Google has patched 129 vulnerabilities in Android in its March 2026 Android Security Bulletin, including a Qualcomm display flaw that is known to be actively exploited. You can check your device’s Android version, security update level, and Google Play system update in Settings. You should get a...

CVE-2026-23140 bpf, test_run: Subtract size of xdp_frame from allowed metadata size

In the Linux kernel, the following vulnerability has been resolved: bpf, testrun: Subtract size of xdpframe from allowed metadata size The xdpframe structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpftestrun, we don't take this into account, which...

Exploit for CVE-2026-25961

SumatraPDF Insecure Update PoC CVE-2026-25961 – Remote C...

CVE-2022-27438

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer Advanced Updater are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an...

CVE-2025-60682

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the cloudupdatecheck binary, specifically in the sub402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell...

Siemens SIMATIC S7-1500 Reachable Assertion (CVE-2021-27212)

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service daemon exit via a short timestamp. This is related to schemainit.c and checkTime. This plugin only works...

Fedora: Security Advisory (FEDORA-2025-9b094ba1d6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2013-3463

Malware in sbrugna...

EUVD-2019-9083

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-39701

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACPI: pfrupdate: Fix the driver update version check The security-version-number check should be used rather than the runtime version check for driver updates...

Fedora: Security Advisory (FEDORA-2024-4e850a0f86)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-1a2f1733ad)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-20173

Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values...