References to Advisories, Solutions, and Tools| nvd.nist.gov
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurat...| security.paloaltonetworks.com
Modified Analysis by NIST 9/30/2025 9:52:23 AM| nvd.nist.gov
Developers love Redis. Unlock the full potential of the Redis database with Redis Enterprise and start building blazing fast apps.| Redis
A 13-year Redis flaw (CVE-2025-49844) allows attackers to escape Lua sandbox and run code on hosts. See Wiz Research’s analysis and mitigations.| wiz.io
Summary A critical Server-Side Request Forgery (SSRF) vulnerability—CVE-2025-8085—has been discovered in the popular WordPress plugin “Ditty (News Ticker & Display Items)” for versions prior to 3.1.58. The issue resides in the displayItems REST API endpoint (wp-json/dittyeditor/v1/displayItems), which lacks authentication and authorization, allowing unauthenticated attackers to force the server to fetch arbitrary URLs—internal or external—via crafted... The post Unauthenticated SS...| IONIX
The popular packages debug and chalk on npm have been compromised with malicious code| www.aikido.dev
How leaking valid `ObjRef`s to target .NET Remoting for Remote Code Execution is not considered a vulnerability – at least according to Microsoft.| code-white.com
Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.| wiz.io
An authentication bypass in the management web interface of Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass ...| security.paloaltonetworks.com
OpenSSH release notes| www.openssh.com
CVE-2024-6387 exploit in OpenSSH poses remote unauthenticated code execution risks. Find out which versions are vulnerable and how to protect your systems.| Qualys
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites.| BleepingComputer
The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites.| Sansec
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash m...| sec.cloudapps.cisco.com
Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software| Jenkins Security Advisory 2024-01-24
Learn more about GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).| GitLab
PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world.| www.php.net