Aggregator

CVE-2026-20612 | Apple macOS up to 26.2 App information disclosure

3 months ago

A vulnerability was found in Apple macOS up to 26.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the component App. This manipulation causes information disclosure. The identification of this vulnerability is CVE-2026-20612. The attack can only be executed locally. There is no exploit available. Upgrading the affected component is advised.

vuldb.com

CVE-2026-20625 | Apple macOS/visionOS up to 26.2 App information disclosure

3 months ago

A vulnerability marked as problematic has been reported in Apple macOS and visionOS up to 26.2. Impacted is an unknown function of the component App. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-20625. The attack must be carried out locally. There is no available exploit. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-67135 | PGST PF-50 1.2 authentication replay

3 months ago

A vulnerability was found in PGST PF-50 1.2. It has been declared as critical. The affected element is an unknown function. Executing a manipulation can lead to authentication bypass by capture-replay. This vulnerability is handled as CVE-2025-67135. The attack can only be done within the local network. There is not any exploit available.

vuldb.com

CVE-2026-20610 | Apple macOS up to 26.2 App symlink

3 months ago

A vulnerability was found in Apple macOS up to 26.2. It has been rated as critical. The impacted element is an unknown function of the component App. The manipulation leads to symlink following. This vulnerability is uniquely identified as CVE-2026-20610. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is advised.

vuldb.com

CISA Warns of Notepad++ Code Execution Vulnerability Exploited in Attacks

Cyber Security News

3 months ago

CISA has added CVE-2025-15556 to its Known Exploited Vulnerabilities (KEV) catalog, highlighting active exploitation of a critical code execution flaw in Notepad++, a widely used open-source text editor popular among developers and IT professionals. Added on February 12, 2026, with a federal civilian executive branch (FCEB) patching deadline of March 5, 2026, the vulnerability stems […]

The post CISA Warns of Notepad++ Code Execution Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Guru Baran

MUZZLE：针对间接提示注入攻击的网络智能体自适应智能红队测试

3 months ago

作者：Georgios Syros, Evan Rose, Brian Grinstead 译者：知道创宇404实验室翻译组原文链接：https://arxiv.org/html/2602.09222v1 摘要基于大语言模型（LLM）的网络智能体正被广泛部署，通过直接与网站交互并代表用户执行操作，实现复杂在线任务的自动化。这类智能体虽具备强大能力，但其设计使其易受嵌入在不可信网络内容中的...

Срочно обновите свои айфоны. Apple закрыла уязвимость, которую активно используют хакеры

3 months ago

Даже шлемы Vision Pro под ударом. Откладывать установку точно не стоит.

CVE-2026-26031 | Frappe LMS up to 2.43.x authorization

3 months ago

A vulnerability described as problematic has been identified in Frappe LMS up to 2.43.x. This affects an unknown part. Such manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2026-26031. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

vuldb.com

CVE-2024-50617 | CIPPlanner CIPAce up to 9.16 File Download/Get File improper authorization

3 months ago

A vulnerability was found in CIPPlanner CIPAce up to 9.16. It has been declared as critical. Affected is an unknown function of the component File Download/Get File Handler. Executing a manipulation can lead to improper authorization. This vulnerability is tracked as CVE-2024-50617. The physical device can be targeted for the attack. No exploit exists. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-50619 | CIPPlanner CIPAce up to 9.16 User Management privileges management

3 months ago

A vulnerability has been found in CIPPlanner CIPAce up to 9.16 and classified as critical. Affected is an unknown function of the component User Management. Performing a manipulation results in improper privilege management. This vulnerability was named CVE-2024-50619. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

vuldb.com

CVE-2025-46290 | Apple macOS denial of service

3 months ago

A vulnerability was found in Apple macOS. It has been classified as critical. Impacted is an unknown function. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2025-46290. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-43403 | Apple macOS App information disclosure

3 months ago

A vulnerability identified as problematic has been detected in Apple macOS. This impacts an unknown function of the component App. This manipulation causes information disclosure. The identification of this vulnerability is CVE-2025-43403. The attack can only be executed locally. There is no exploit available. You should upgrade the affected component.

vuldb.com

CVE-2025-43417 | Apple macOS up to 14.7 App behavioral workflow

3 months ago

A vulnerability labeled as problematic has been found in Apple macOS up to 14.7. Affected is an unknown function of the component App. Such manipulation leads to enforcement of behavioral workflow. This vulnerability is referenced as CVE-2025-43417. The attack can only be performed from a local environment. No exploit is available. The affected component should be upgraded.

vuldb.com

The Gentleman

3 months ago

You must login to view this content

cohenido

CVE-2025-39958 | Linux Kernel up to 6.16.8 s390 __iommu_release_dma_ownership state issue (EUVD-2025-33325 / WID-SEC-2025-2246)

3 months ago

A vulnerability has been found in Linux Kernel up to 6.16.8 and classified as critical. Affected by this vulnerability is the function __iommu_release_dma_ownership of the component s390. The manipulation leads to state issue. This vulnerability is documented as CVE-2025-39958. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

vuldb.com

CVE-2025-39955 | Linux Kernel up to 6.16.8 net/ipv4/tcp_timer.c tcp_disconnect denial of service (Nessus ID 272003 / WID-SEC-2025-2246)

3 months ago

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.16.8. This impacts the function tcp_disconnect of the file net/ipv4/tcp_timer.c. Performing a manipulation results in denial of service. This vulnerability is cataloged as CVE-2025-39955. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-39956 | Linux Kernel up to 6.12.48/6.16.8 net/core/dev.c igc_probe denial of service (Nessus ID 277016 / WID-SEC-2025-2246)

3 months ago

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.48/6.16.8. Affected is the function igc_probe of the file net/core/dev.c. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-2025-39956. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

vuldb.com

CVE-2025-39957 | Linux Kernel up to 6.1.153/6.6.107/6.12.48/6.16.8 wifi ieee80211_prep_hw_scan buffer overflow (EUVD-2025-33326 / Nessus ID 274816)

3 months ago

A vulnerability was found in Linux Kernel up to 6.1.153/6.6.107/6.12.48/6.16.8. It has been declared as critical. This vulnerability affects the function ieee80211_prep_hw_scan of the component wifi. Such manipulation leads to buffer overflow. This vulnerability is traded as CVE-2025-39957. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-40004 | Linux Kernel up to 6.12.52/6.17.2 USB 9pfs Transport Layer usb9pfs_rx_header buffer overflow (EUVD-2025-35036 / Nessus ID 271675)

3 months ago

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.52/6.17.2. This impacts the function usb9pfs_rx_header of the component USB 9pfs Transport Layer. Such manipulation leads to buffer overflow. This vulnerability is referenced as CVE-2025-40004. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

vuldb.com

CVE-2025-39954 | Linux Kernel up to 6.16.8 clk recalc_rate divide by zero (Nessus ID 270272 / WID-SEC-2025-2246)

3 months ago

A vulnerability was found in Linux Kernel up to 6.16.8. It has been classified as critical. This affects the function recalc_rate of the component clk. This manipulation causes divide by zero. This vulnerability appears as CVE-2025-39954. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.

vuldb.com