r/hackcurity
一个开放的黑客社区,旨在帮助新手成长为资深人士,提供问答和学习资源。用户可访问Discord服务器交流,并参与新的subreddit r/hackcurity,专注于 hacking、安全、工具和心态。
Aggregator
CVE-2022-49874 | Linux Kernel up to 6.0.8 HID mousevsc_probe memory leak (Nessus ID 240793)
11 months 3 weeks ago
A vulnerability was found in Linux Kernel up to 6.0.8. It has been rated as critical. Affected by this issue is the function mousevsc_probe of the component HID. The manipulation leads to memory leak.
This vulnerability is handled as CVE-2022-49874. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49871 | Linux Kernel up to 4.19.266/5.4.224/5.10.154/5.15.78/6.0.8 net tun_get_user memory leak (Nessus ID 240793)
11 months 3 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 4.19.266/5.4.224/5.10.154/5.15.78/6.0.8. Affected by this vulnerability is the function tun_get_user of the component net. The manipulation leads to memory leak.
This vulnerability is known as CVE-2022-49871. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49853 | Linux Kernel up to 6.0.8 net macvlan_changelink_sources memory leak (Nessus ID 240793)
11 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.0.8. Affected is the function macvlan_changelink_sources of the component net. The manipulation leads to memory leak.
This vulnerability is traded as CVE-2022-49853. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49652 | Linux Kernel up to 5.18.10 ti_dra7_xbar_route_allocate of_parse_phandle reference count (Nessus ID 240793)
11 months 3 weeks ago
A vulnerability classified as problematic was found in Linux Kernel up to 5.18.10. Affected by this vulnerability is the function of_parse_phandle of the component ti_dra7_xbar_route_allocate. The manipulation leads to improper update of reference count.
This vulnerability is known as CVE-2022-49652. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49729 | Linux Kernel up to 5.18.5 nfcmrvl_play_deferred memory leak (Nessus ID 240793)
11 months 3 weeks ago
A vulnerability classified as critical has been found in Linux Kernel up to 5.18.5. Affected is the function nfcmrvl_play_deferred. The manipulation leads to memory leak.
This vulnerability is traded as CVE-2022-49729. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-9340 | zenml-io zenml up to 0.67.x device_authorization resource consumption (EUVD-2025-6854)
11 months 3 weeks ago
A vulnerability classified as problematic has been found in zenml-io zenml up to 0.67.x. This affects an unknown part of the file /api/v1/device_authorization. The manipulation leads to resource consumption.
This vulnerability is uniquely identified as CVE-2024-9340. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-32788 | OctoPrint up to 1.10.3 authentication spoofing (GHSA-qw93-h6pf-226x / EUVD-2025-12227)
11 months 3 weeks ago
A vulnerability was found in OctoPrint up to 1.10.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to authentication bypass by spoofing.
This vulnerability is known as CVE-2025-32788. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-44559 | CVE-2025-6829 RTL8762E BLE SDK 1.4.0 Bluetooth Low Energy Stack denial of service (EUVD-2025-19415)
11 months 3 weeks ago
A vulnerability was found in CVE-2025-6829 RTL8762E BLE SDK 1.4.0. It has been classified as problematic. Affected is an unknown function of the component Bluetooth Low Energy Stack. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2025-44559. The attack needs to be done within the local network. There is no exploit available.
vuldb.com
CVE-2025-44557 | Cypress PSoC4 3.66 Bluetooth Low Energy Stack improper authentication (EUVD-2025-19417)
11 months 3 weeks ago
A vulnerability was found in Cypress PSoC4 3.66. It has been rated as critical. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Stack. The manipulation leads to improper authentication.
This vulnerability is handled as CVE-2025-44557. Access to the local network is required for this attack. There is no exploit available.
vuldb.com
CVE-2025-5310 | Dover Fueling Solutions ProGauge MagLink LX consoles Target Communication Framework Interface missing authentication (icsa-25-168-05 / EUVD-2025-19419)
11 months 3 weeks ago
A vulnerability classified as very critical has been found in Dover Fueling Solutions ProGauge MagLink LX consoles. Affected is an unknown function of the component Target Communication Framework Interface. The manipulation leads to missing authentication.
This vulnerability is traded as CVE-2025-5310. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-52207 | MIKO MikoPBX up to 2024.1.114 PostController.php path traversal (EUVD-2025-19422)
11 months 3 weeks ago
A vulnerability classified as critical was found in MIKO MikoPBX up to 2024.1.114. This vulnerability affects unknown code of the file PBXCoreREST/Controllers/Files/PostController.php. The manipulation leads to relative path traversal.
This vulnerability was named CVE-2025-52207. The attack can be initiated remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
Berlin Regulator Orders Apple, Google to Remove DeepSeek
11 months 3 weeks ago
Chinese-Made AI App Faces European Privacy Pushback
A German data regulator on Friday ordered Apple and Google to remove the Chinese artificial intelligence DeepSeek app from online stores over non-compliance with privacy and digital service rules. Commercial transfers of data outside of trading bloc members are governed by a complex legal system
A German data regulator on Friday ordered Apple and Google to remove the Chinese artificial intelligence DeepSeek app from online stores over non-compliance with privacy and digital service rules. Commercial transfers of data outside of trading bloc members are governed by a complex legal system
Feds Warn Patients, Healthcare Entities of Phishing Scams
11 months 3 weeks ago
Alerts Come on the Heels of Recent Attacks on Insurers
U.S. federal authorities are warning the public and healthcare sector entities of email and fax phishing scams by fraudsters seeking to steal personal information about patients or payments. The warnings come as three large U.S. insurers continue to recover from recent cyberattacks.
U.S. federal authorities are warning the public and healthcare sector entities of email and fax phishing scams by fraudsters seeking to steal personal information about patients or payments. The warnings come as three large U.S. insurers continue to recover from recent cyberattacks.
Misconfigured AI Servers and Weak Configurations Expose Data, Systems
11 months 3 weeks ago
Thousands of MCP Servers Leave AI Apps Open to Attack Surfaces
Hundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.
Hundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.
US Cyber Diplomacy at Risk Amid State Department Shakeup
11 months 3 weeks ago
State Moves to Restructure Cyber Bureau and Issue Mass Layoffs Despite Court Order
Current and recent former Department of State staffers told Information Security Media Group the agency is preparing to implement layoffs and begin a reorganization despite a San Francisco federal district court order blocking across-the-board layoffs at federal agencies.
Current and recent former Department of State staffers told Information Security Media Group the agency is preparing to implement layoffs and begin a reorganization despite a San Francisco federal district court order blocking across-the-board layoffs at federal agencies.
CVE-2025-6773 | HKUDS LightRAG up to 1.3.8 File Upload document_routes.py upload_to_input_dir file.filename path traversal (Issue 1692 / EUVD-2025-19421)
11 months 3 weeks ago
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to path traversal.
This vulnerability is known as CVE-2025-6773. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
当ChatGPT接入MCP,你的数据是如何被泄露的?
11 months 3 weeks ago
用MCP在ChatGPT看片还能中毒?
微软推出Windows 11 25H2首个测试版 带来1Password等密码管理器的高级集成
11 months 3 weeks ago
微软发布Windows 11 25H2首个测试版,集成1Password等密码管理器,支持Passkey保存至第三方而非系统。修复资源管理器崩溃、开始菜单重复条目等问题,并改进对话框文本显示。部分用户可能遇到安装失败问题,微软正在解决中。
微软确认Windows 11 25H2版将在晚些时候推出 通过eKB启用包完成更新
11 months 3 weeks ago
微软确认Windows 11 25H2将在今年晚些时候推出,利用eKB启用包快速升级已开发但未启用的功能。该版本面向开发者和Beta通道已推送测试,并计划于9月至10月正式发布。家庭版和专业版将获得24个月支持,企业版则为36个月。