CVE-2025-20287 Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based...

CVE-2025-9785

PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not...

CVE-2025-9785 Misconfigured certificate validation with self-signed certificates for Print Deploy

PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not...

PT-2025-35658

Name of the Vulnerable Software and Affected Versions: PaperCut Print Deploy affected versions not specified Description: PaperCut Print Deploy, an optional component integrated with PaperCut NG/MF, is susceptible to man-in-the-middle attacks if not correctly configured with a trusted certificate...

Linux Distros Unpatched Vulnerability : CVE-2012-4230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allow...

CVE-2025-46047

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...

MAL-2025-42107 Malicious code in valid-sha256 (npm)

The package valid-sha256 was found to contain malicious code...

Malicious code in valid-sha256 (npm)

The package valid-sha256 was found to contain malicious code...

CVE-2025-20342

Cisco IMC vKVM stored XSS (CVE-2025-20342) arises from insufficient input validation in the web-based management interface. An authenticated user with vKVM privileges can inject code via a data field, potentially executing script in the interface context or exposing browser data. Affected product...

UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats

A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance Beijing's strategic interests. "This multi-stage attack chain leverages advanced social engineering including valid code signing...

hippo4j 安全漏洞

hippo4j is an asynchronous thread pooling framework from opengoofy open source. A security vulnerability exists in hippo4j versions 1.0.0 through 1.5.0, which stems from the use of hard-coded keys in JWT creation, which could lead to the forgery of valid access tokens...

CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts...

Commvault 参数注入漏洞

Commvault is a data backup and recovery software from Commvault, Inc. A parameter injection vulnerability exists in versions of Commvault prior to 11.36.60 that stems from insufficient input validation leading to command line parameter injection or manipulation, which could result in a...

CVE-2025-38577

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fsevictinode As syzbot 1 reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 --- end trace...

CVE-2025-38562 ksmbd: fix null pointer dereference error in generate_encryptionkey

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generateencryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess-PreauthHashValue is...

CVE-2025-38562

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generateencryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess-PreauthHashValue is...

Liferay Portal Login Bypass Vulnerability

Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid...

Linux Distros Unpatched Vulnerability : CVE-2024-42097

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: emux: improve patch ioctl data validation In loaddata, make the validation of and skipping over the main info block match that in loadguspatch. In...

MAL-2025-35539 Malicious code in test-mlw2-hucks-valid (npm)

The package test-mlw2-hucks-valid was found to contain malicious code...