Aggregator

A vulnerability, which was classified as problematic, was found in SICK Field Analytics and Media Server. Affected is an unknown function. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is traded as CVE-2025-49192. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in SICK Field Analytics. This issue affects some unknown processing of the component TLS Handler. The manipulation leads to risky cryptographic algorithm. The identification of this vulnerability is CVE-2025-49196. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 5.18.3. It has been classified as critical. Affected is the function bc_serv of the component xprtrdma. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-49321. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.18.14 and classified as problematic. Affected by this vulnerability is the function READ_ONCE. The manipulation leads to information disclosure. This vulnerability is known as CVE-2022-49601. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.128/5.15.52/5.18.9 and classified as critical. Affected by this vulnerability is the function cm_alloc_id_priv. The manipulation leads to memory leak. This vulnerability is known as CVE-2022-49671. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.15.55/5.18.12. This issue affects the function READ_ONCE. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2022-49632. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.128/5.15.52/5.18.9. It has been classified as critical. This affects the function tipc_bcast_rcv. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2022-49664. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.14 and classified as problematic. Affected by this issue is the function sysctl_fwmark_reflect. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-49602. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.12. It has been declared as problematic. This vulnerability affects the function READ_ONCE. The manipulation leads to information disclosure. This vulnerability was named CVE-2022-49639. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.111/5.15.34/5.17.3. Affected is the function svc_revisit. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-49065. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 4.19.253/5.4.207/5.10.133/5.15.57/5.18.14. It has been declared as problematic. This vulnerability affects the function sysctl_ip_fwd_use_pmtu. The manipulation leads to information disclosure. This vulnerability was named CVE-2022-49604. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.206/5.10.131/5.15.55/5.18.12. It has been classified as problematic. This affects the function READ_ONCE. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2022-49637. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. Affected by this vulnerability is the function pgd_free. The manipulation leads to memory leak. This vulnerability is known as CVE-2022-49210. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

迪士尼和 NBC 环球在洛杉矶地方法院对提供 AI 文本图像生成服务的 Midjourney 公司提起侵权诉讼，这是好莱坞巨头首次对一家生成式 AI 公司提起法律诉讼。两大巨头指控 Midjourney 未经许可利用无数版权保护作品训练其模型，允许用户创建包含知名角色的图像，包括达斯维达、小黄人、《冰雪奇缘》的艾莎、怪物史莱克和荷马辛普森。两家公司称他们一度试图私下解决此事，但 Midjourney 继续发布新版本，提供“更高质量的侵权图像”。迪士尼总法律顾问用“盗版”形容 Midjourney 的行为，而 NBC环球则称为“公然侵权”。好莱坞巨头没有起诉 AI 行业的巨头如 Google、OpenAI 和微软，可能是试图通过在法庭上树立先例之后再瞄准更强大的对手。

This post first appeared on blog.netwrix.com and was written by Dirk Schrader.
Modern endpoint security compliance in Windows relies on hybrid management, continuous monitoring, automated patching, and policy enforcement. Migrating from GPOs to CSPs improves scalability and supports remote devices. Integrating with IAM enforces least privilege. Automation, real-time analytics, and role-based controls help reduce risk, ensure compliance, and support evolving management needs. Endpoint security compliance isn’t just … Continued

A critical vulnerability in the widely-used OpenPGP.js library has been discovered that allows attackers to forge digital signatures and deceive users into believing malicious content was legitimately signed by trusted sources. The flaw, designated CVE-2025-47934, represents a fundamental breach of cryptographic trust that could undermine secure communications across numerous web-based applications and email clients that […]

The post OpenPGP.js Vulnerability Let Attackers Spoof Message Signature Verification appeared first on Cyber Security News.

Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. [...]

SoftBank has previously experienced significant data breaches. In 2004, the company confirmed that personal information on 4,517,039 customers had been leaked through two separate cases involving suspects Yuasa and Kimata. This historical incident demonstrates the scale of data security challenges telecommunications companies face. Current Data Protection Framework SoftBank has established comprehensive data protection policies following […]

The post 137,000 SoftBank Customers Affected by Data Leak from Third-Party Vendor appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical command injection vulnerability in Palo Alto Networks PAN-OS operating system enables authenticated administrative users to escalate privileges and execute commands as the root user.  Designated as CVE-2025-4231, this medium-severity vulnerability affects multiple versions of the company’s firewall operating system and poses significant security risks when management interfaces are exposed to untrusted networks.  The […]

The post Palo Alto Networks PAN-OS Vulnerability Enables Admin to Execute Root User Actions appeared first on Cyber Security News.