vendor patching

A concurrency flaw in libcurl’s HSTS sharing code can cause a double-free or use-after-free when two threads share the same HSTS storage, producing crashes and availability failures for affected applications; the bug was disclosed as CVE-2023-27537 and addressed by the curl project and...

A newly assigned CVE, CVE-2025-68229, documents a Linux kernel defect in the SCSI target loop driver (tcm_loop) that can cause a kernel crash: a NULL-pointer dereference in tcm_loop_tpg_address_show when tl_hba->sh was not successfully allocated during driver probe. The upstream maintainers have...

A newly documented Linux-kernel vulnerability, tracked as CVE-2024-23848, is a use‑after‑free in the kernel's Consumer Electronics Control (CEC) stack that can be triggered locally to produce a kernel oops or crash. The bug sits in the cec_queue_msg_fh path — code that handles file-handle...

A subtle ordering bug in the Linux kernel’s Multipath TCP (MPTCP) implementation has been fixed after a syzbot report exposed a race that can lead to a use‑after‑free in mptcp_schedule_work. The upstream remedy is small and surgical — reordering reference‑count operations so the socket reference...

Fuji Electric’s Monitouch V‑SFT‑6 HMI configuration tool contains multiple memory‑corruption vulnerabilities — including both heap‑ and stack‑based buffer overflows — that can crash engineering workstations and, under certain conditions, enable arbitrary code execution when specially crafted...

Microsoft has published advisory guidance tied to CVE‑2025‑55234 that focuses less on a new exploitable bug and more on enabling administrators to find and measure exposure to SMB relay‑style elevation‑of‑privilege attacks before they flip stronger hardening controls. The short form: the SMB...

Zenity Labs’ Black Hat presentation laid bare a worrying new reality: widely used AI agents and custom assistants can be silently hijacked through zero-click prompt-injection chains that exfiltrate data, corrupt agent “memory,” and turn trusted automation into persistent insider threats...

When a vulnerability in critical infrastructure devices like Leviton’s AcquiSuite and Energy Monitoring Hub surfaces, the impact can reverberate well beyond corporate IT—touching utilities, data centers, and building management systems worldwide. Recent disclosures have highlighted a significant...

When a system designed to keep the lights on for critical infrastructure instead risks shutting them off with a few keystrokes, alarm bells ring far beyond the server room. Such is the case with recent critical security advisories surrounding the Voltronic Power and PowerShield lines of...

Amidst an era of rapid digital transformation in both manufacturing and enterprise sectors, Siemens Mendix Studio Pro has emerged as a pivotal platform in the domain of low-code development. Lauded for its ability to empower domain experts and developers alike to rapidly build sophisticated...

The morning after the United States Cybersecurity and Infrastructure Security Agency (CISA) releases a fresh batch of five Industrial Control Systems (ICS) advisories, security teams across multiple industries find themselves poring over technical documentation, re-evaluating their patch...