Aggregator

CVE-2011-3402 | Microsoft Windows True Type Fonts win32k.sys memory corruption (Nessus ID 56711 / ID 90803)

3 hours 55 minutes ago

A vulnerability marked as very critical has been reported in Microsoft Windows. This affects an unknown part of the file win32k.sys of the component True Type Fonts. This manipulation causes memory corruption. This vulnerability is registered as CVE-2011-3402. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2021-22555 | Linux Kernel Netfilter net/netfilter/x_tables.c out-of-bounds write (EDB-50135 / Nessus ID 208651)

Vuldb Updates

3 hours 55 minutes ago

A vulnerability, which was classified as critical, was found in Linux Kernel. This affects an unknown function of the file net/netfilter/x_tables.c of the component Netfilter. Executing manipulation can lead to out-of-bounds write. The identification of this vulnerability is CVE-2021-22555. The attack may be launched remotely. Furthermore, there is an exploit available. It is best practice to apply a patch to resolve this issue.

vuldb.com

CVE-2021-43226 | Microsoft Windows up to Server 2022 Common Log File System Driver privilege escalation

Vuldb Updates

3 hours 55 minutes ago

A vulnerability, which was classified as very critical, was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality of the component Common Log File System Driver. The manipulation results in privilege escalation. This vulnerability is reported as CVE-2021-43226. The attack can be launched remotely. Moreover, an exploit is present. Applying a patch is advised to resolve this issue.

vuldb.com

CVE-2025-61882 | Oracle Concurrent Processing up to 12.2.14 BI Publisher Integration improper authentication (EUVD-2025-32443)

Vuldb Updates

3 hours 55 minutes ago

A vulnerability was found in Oracle Concurrent Processing up to 12.2.14. It has been rated as critical. This vulnerability affects unknown code of the component BI Publisher Integration. This manipulation causes improper authentication. This vulnerability is tracked as CVE-2025-61882. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is advised.

vuldb.com

CVE-2010-3962 | Microsoft Internet Explorer 6/7/8 CSS Tag Parsing resource management (VU#899748 / EDB-15418)

Vuldb Updates

3 hours 55 minutes ago

A vulnerability marked as very critical has been reported in Microsoft Internet Explorer 6/7/8. This impacts an unknown function of the component CSS Tag Parsing. The manipulation leads to improper resource management. This vulnerability is documented as CVE-2010-3962. The attack can be initiated remotely. Additionally, an exploit exists. It is suggested to upgrade the affected component.

vuldb.com

CVE-2013-3918 | Microsoft Internet Explorer 7/8/9/10 InformationCardSigninHelper icardie.dll memory corruption (MS13-090 / EDB-29857)

Vuldb Updates

3 hours 55 minutes ago

A vulnerability marked as critical has been reported in Microsoft Internet Explorer 7/8/9/10. The affected element is an unknown function in the library icardie.dll of the component InformationCardSigninHelper. Performing manipulation results in memory corruption. This vulnerability is reported as CVE-2013-3918. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is recommended to apply a patch to fix this issue.

vuldb.com

从用友U8Cloud-FileManageServlet反序列化漏洞开始的0day挖掘之旅

先知技术社区

4 hours 1 minute ago

就俩三天没看用友，今天一看结果day没了，不是哥们~，我还等着明年面试用和补天漏洞普查呢，伤心炸了。。。。那没招了，都爆出来了，直接来分享挖掘过程吧，然后希望大家多多出0day，本人小菜，如有不对的地方望大佬指正。

House Dems seek info about ICE spyware contract, wary of potential abuses

CyberScoop

4 hours 2 minutes ago

The three lawmakers said the reported lifting of a stop-work order on a $2 million Paragon Solutions contract threatens Americans’ fundamental rights.

The post House Dems seek info about ICE spyware contract, wary of potential abuses appeared first on CyberScoop.

Tim Starks

Potential EU law sparks global concerns over end-to-end encryption for messaging apps

CyberScoop

4 hours 4 minutes ago

The EU will vote Oct. 14 on a proposal that would use AI or humans to detect child sexual abuse material on their devices.

The post Potential EU law sparks global concerns over end-to-end encryption for messaging apps appeared first on CyberScoop.

djohnson

Redis security advisory (AV25-646)

CCCS - Alerts and advisories

4 hours 4 minutes ago

Canadian Centre for Cyber Security

Microsoft: Critical GoAnywhere bug exploited in ransomware attacks

Bleeping Computer.

4 hours 18 minutes ago

A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month. [...]

Sergiu Gatlan

深入CVE-2025-41243： Spring Cloud Gateway SpEL 从任意属性访问到任意文件下载

先知技术社区

4 hours 20 minutes ago

最近，spring cloud getway 又出了一个10.0分的 SpEL漏洞这个漏洞和之前的CVE-2022-22947漏洞一样依然是在热更新路由时触发表达式执行之前的漏洞不是已经修复的非常完美了吗，为什么还能继续利用呢？

Akira

Dark Feed IO

4 hours 23 minutes ago

You must login to view this content

cohenido

Spyware Disguised as Signal and ToTok Apps Targets UAE Android Users

Hack Read

4 hours 25 minutes ago

ESET warns of fake Signal and ToTok apps spreading Android spyware in the UAE, stealing contacts, messages, and chat backups from users.

Waqas

高版本下PHP cURL 扩展绕过open_basedir的trick分析

先知技术社区

4 hours 26 minutes ago

之前写过一篇简单的open_basedir绕过，其实没有想到在高版本下的php也会存在这个漏洞，于是再来看看有什么好玩的地方

Qilin

Dark Feed IO

4 hours 27 minutes ago

You must login to view this content

cohenido

Qilin

Dark Feed IO

4 hours 27 minutes ago

You must login to view this content

cohenido

Reemo Unveils Bastion+: A Scalable Solution for Global Privileged Access Management

Cyber Security News

4 hours 31 minutes ago

Paris, France, October 6th, 2025, CyberNewsWire Reemo continues its mission to secure enterprise remote access and becomes the first French cybersecurity provider to protect all remote access within a single platform. Reemo announces Bastion+, a next-generation bastion solution deployable without limits. “Companies don’t need another bastion. They need a global vision that remains simple and […]

The post Reemo Unveils Bastion+: A Scalable Solution for Global Privileged Access Management appeared first on Cyber Security News.

Cybernewswire

大模型安全撬壳：对内容安全的学习

先知技术社区

4 hours 32 minutes ago

通过一次比赛来初识内容安全

CVE-2024-56679 | Linux Kernel up to 5.15.173/6.1.119/6.6.63/6.11.10/6.12.1 otx2_common.c otx2_mbox_get_rsp use after free (Nessus ID 216191)

Vuldb Updates

4 hours 35 minutes ago

A vulnerability classified as critical has been found in Linux Kernel up to 5.15.173/6.1.119/6.6.63/6.11.10/6.12.1. This affects the function otx2_mbox_get_rsp of the file otx2_common.c. This manipulation causes use after free. This vulnerability is tracked as CVE-2024-56679. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

vuldb.com

Aggregator

Managed ad