95 matches found
Microsoft is changing Edge’s plaintext password behavior
Microsoft said it will change Edge’s password handling as a “defense‑in‑depth” measure. Originally, Edge decrypted the entire saved‑password store on startup and kept all credentials resident in process memory in clear text for the whole browser session, regardless of whether a given credential w...
EUVD-2021-34841
LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...
Exploit for CVE-2025-4396
CVE-2025-4396 Exploit: Relevanssi SQL Injection Time-Based...
CVE-2026-43352
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RINGCTRLABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: 1. The driver unconditionally issues a ring abort even when the ring has already stopped. 2. The...
CVE-2026-43187
In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when empty Back in commit 2a2b5932db6758 "xfs: fix attr leaf header freemap.size underflow", Brian Foster observed that it's possible for a small freemap at the end of the xattr...
SUSE CVE-2026-31677
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl limit each RX scatterlist extraction to the remaining receive buffer budget. af_alg_get_rsgl currently uses af_alg_readable only as a gate before...
CVE-2026-31581
CVE-2026-31581 affects the Linux kernel ALSA 6fire USB audio driver. The issue is a use-after-free in usb6fire_chip_abort() where the chip structure is allocated as the card’s private data and, after snd_card_free_when_closed() frees the card (when no file handles are open), a later write to chip...
CVE-2019-25358 FileOptimizer 14.00.2524 - Denial of Service
FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when...
CVE-2025-14058
CVE-2025-14058 concerns Lenovo Tablets where a missing authentication vulnerability could let an unauthorized user with physical access modify Control Center settings if the device is locked and the option “Allow Control Center access when locked” is disabled. Affected component: Control Center s...
EUVD-2026-2841
A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled...
PT-2026-2867
In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems freeze callback The freeze all ptr check in filesystems freeze callback introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file...
PT-2026-2965
Name of the Vulnerable Software and Affected Versions: Lenovo Tablets (affected versions not specified). Description: A missing authentication issue exists in some Lenovo Tablets. An unauthorized user with physical access may be able to modify Control Center settings if the device is locked and the...
CVE-2025-23484
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cojecto Predict When predict-when allows Reflected XSS. This issue affects Predict When: from n/a through <= 1.3...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992694)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992694 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992307)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992307 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and...
CVE-2023-53992
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: ocb: don't leave if not joined If there's no OCB state, don't ask the driver/mac80211 to leave, since that's just confusing. Since set/clear the chandef state, that's a simple check...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989785)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989785 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Use snd_card_free_when_closed at disconnection The USB disconnect callback is supposed t...
PT-2025-44399
Name of the Vulnerable Software and Affected Versions: Quick.Cart version 6.7; Quick.Cart (affected versions not specified). Description: Quick.Cart is susceptible to Cross-Site Request Forgery in the product creation functionality. A malicious actor can create a specially crafted website that, when...
CVE-2022-50569 xfrm: Update ipcomp_scratches with NULL when freed
In the Linux kernel, the following vulnerability has been resolved: xfrm: Update ipcomp_scratches with NULL when freed Currently if ipcomp_alloc_scratches fails to allocate memory ipcomp_scratches holds obsolete address. So when we try to free the percpu scratches using ipcomp_free_scratches it tries t...