Aggregator

A vulnerability was found in nodejs undici up to 5.28.x/6.21.1/7.4.x. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2025-47279. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in mafintosh tar-fs up to 1.16.4/2.1.2/3.0.8. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-48387. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in MIK CryptX up to 0.086 on Perl. Affected by this vulnerability is an unknown functionality. The manipulation leads to dependency on vulnerable third-party component. This vulnerability is known as CVE-2025-40914. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GNU screen and classified as problematic. This issue affects the function Attach of the component Multiuser Session Handler. The manipulation of the argument multiattach leads to manage user sessions. The identification of this vulnerability is CVE-2025-46802. The attack needs to be approached locally. There is no exploit available.

A vulnerability has been found in Linux Kernel up to 5.15.159/6.1.91/6.6.31/6.8.10/6.9.1 and classified as critical. This vulnerability affects the function tpm2_key_encode. The manipulation leads to memory leak. This vulnerability was named CVE-2024-36967. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.159/6.1.91/6.6.31/6.8.10/6.9.1. It has been classified as problematic. This affects the function asn1_encode_sequence in the library lib/asn1_encode.c. The manipulation leads to unchecked return value. This vulnerability is uniquely identified as CVE-2024-36975. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.24/6.14.3/6.15-rc2. This issue affects the function set_page_dirty_lock. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2025-37978. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle Hyperion Infrastructure Technology 11.2.14.0.000. Affected by this vulnerability is an unknown functionality of the component Infrastructure. The manipulation leads to path traversal. This vulnerability is known as CVE-2023-27534. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in cURL up to 7.x and classified as critical. Affected by this vulnerability is an unknown functionality of the file /~2/foo of the component SFTP. The manipulation leads to path traversal. This vulnerability is known as CVE-2023-27534. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Dell Wyse Management Suite up to 5.1. Affected is an unknown function. The manipulation leads to exposure of sensitive information through data queries. This vulnerability is traded as CVE-2025-36575. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Dell Wyse Management Suite up to 5.1. Affected is an unknown function. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2025-36578. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Dell Wyse Management Suite up to 5.1. This affects an unknown part. The manipulation leads to absolute path traversal. This vulnerability is uniquely identified as CVE-2025-36574. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

从3120开始的八浪结构数据

A sophisticated cyber threat campaign leveraging malicious unsubscribe links has emerged as a significant security concern, targeting unsuspecting email users across the globe. This deceptive attack vector exploits users’ natural desire to clean up their inboxes, transforming what appears to be a legitimate unsubscribe process into a gateway for credential theft and malware deployment. The […]

The post Don’t Click ‘Unsubscribe’ Links Blindly It May Leads to Loss of Credentials appeared first on Cyber Security News.

GitLab, the widely used DevSecOps platform, has released urgent security updates addressing multiple high-severity vulnerabilities that could allow attackers to take over user accounts, inject malicious code, and disrupt services. The new versions—18.0.2, 17.11.4, and 17.10.8 for both Community Edition (CE) and Enterprise Edition (EE)—contain critical fixes, and administrators are strongly advised to upgrade immediately. […]

The post Multiple GitLab Vulnerabilities Expose Users to Complete Account Takeover Risks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

韦伯望远镜（JWST）观测到一颗距离地球约 300 光年的年轻恒星 YSES-1 周围的两颗系外行星：YSES-1 b 与YSES-1 c，皆为气态巨行星，并且其大气中富含二氧化矽云层（类似沙子）。这些「沙云」经由类似地球水循环的升华与凝结过程维持在空中，甚至形成「沙雨」。YSES-1 c 质量约为木星的 14 倍，其大气中的二氧化矽沙云使其呈现红色外观，并有沙尘向行星核心降落。而另一颗 YSES-1 b 质量约为木星的 6倍，目前仍在形成中，周围环绕着一层扁平的行星盘为其提供丰富的矽酸盐材料，就像正在建造沙堡一样。这不仅是首次直接观测到系外行星大气高层中的二氧化矽云（如富铁辉石、钙铁榴石等），也是首次在行星盘中探测到矽酸盐。

For decades, the CIA Triad of Confidentiality, Integrity, and Availability has been the bedrock framework of information security. While it serves as a conceptual guiding light, its simplicity and vagueness leave room for a tremendous amount of ambiguity, especially when it comes to "Integrity." Unlike confidentiality and availability, which have widely accepted definitions and clear implementation strategies, integrity often lacks operational clarity and measurable enforcement in modern cybersecurity environments. 

So what is integrity, really? More importantly, how do we ensure it?

The post Reimagining Integrity: Why the CIA Triad Falls Short appeared first on Security Boulevard.

A vulnerability was found in FluxBB 1.5.11 and classified as problematic. This issue affects some unknown processing of the file admin_forums.php. The manipulation of the argument Forum Description leads to cross site scripting. The identification of this vulnerability is CVE-2025-44110. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in OpenID Connect Provider Plugin up to 96.vee8ed882ec4d on Jenkins. Affected is an unknown function of the component Build ID Token Handler. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-47884. The attack needs to be initiated within the local network. There is no exploit available.