Aggregator

A vulnerability, which was classified as problematic, was found in Samsung Devices. The impacted element is an unknown function of the component Bluetooth. Such manipulation leads to improper export of android application components. This vulnerability is traded as CVE-2025-20991. An attack has to be approached locally. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Samsung Devices. This affects an unknown part of the component Fingerprint Trustlet. Such manipulation of the argument hmac_key leads to information disclosure. This vulnerability is referenced as CVE-2025-20989. The attack can only be performed from a local environment. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Samsung Devices. This vulnerability affects unknown code of the file libsecimaging.camera.samsung.so. Performing a manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2025-20992. The attack is only possible with local access. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Fingerprint Trustlet. The manipulation of the argument auth_token results in information disclosure. This vulnerability was named CVE-2025-20987. The attack needs to be approached locally. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Samsung Devices. This issue affects some unknown processing of the file libsecimaging.camera.samsung.so. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability is tracked as CVE-2025-20993. The attack is restricted to local execution. No exploit exists. The affected component should be upgraded.

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Impacted is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POST Request Handler. The manipulation results in command injection. This vulnerability is cataloged as CVE-2025-3546. The attack must originate from the local network. Furthermore, there is an exploit available. Upgrading the affected component is advised.

淘宝闪购三四线城市年货订单增幅超 580%；iKKO Mind One AI 小手机国行上市；GitHub Copilot 集成 GPT‑5.3‑Codex 。

伪装成终端安全自查工具样本分析

Sensor Intel Series: January 2026 CVE Trends

Sensor Intel Series: January 2026 CVE Trends

敲敲与腾讯公益合作，你用敲敲养成好习惯，顺便支持公益。 产品目前体验下来还比较丝滑，完成当周的打卡目标后，左上角会有“可捐赠”字样的小红花，点进去就能操作了。 捐完之后，可以在微信里带上小红花。 捐款的钱由敲敲团队支付，祝大家新年大吉🎉

glibc 2.38 - Buffer Overflow

Windows 10.0.17763.7009 - spoofing vulnerability

motionEye 0.43.1b4 - RCE

翻过一山，再攀一峰！

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Zimbra Collaboration 10.0版本和10.1版本存在安全漏洞，该漏洞源于RestFilter servlet处理用户输入不当，可能导致本地文件包含。Webmail Classic UI中的RestFilter servlet对用户输入的处理不当。