Aggregator

CVE-2025-37951 | Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5 timedout_job memory leak (EUVD-2025-15892 / Nessus ID 237223)

Vuldb Updates
4 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5. It has been declared as critical. This issue affects the function timedout_job. Executing manipulation can lead to memory leak. This vulnerability is tracked as CVE-2025-37951. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-37953 | Linux Kernel up to 6.15-rc5 sch_htb htb_deactivate null pointer dereference (EUVD-2025-15902 / Nessus ID 237223)

Vuldb Updates
4 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.15-rc5. It has been rated as critical. Impacted is the function htb_deactivate of the component sch_htb. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-37953. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2025-37949 | Linux Kernel up to 6.15-rc5 xenbus xs_wake_up null pointer dereference (EUVD-2025-15894 / Nessus ID 237223)

Vuldb Updates
4 months 2 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 6.15-rc5. This impacts the function xs_wake_up of the component xenbus. Executing manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2025-37949. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

Chrome 內建的翻譯與 Prompt API

Huli's blog
4 months 2 weeks ago

前陣子有個讀者分享給我他自己做的 Chrome extension:JP NEWS Helper,能夠摘要、翻譯 NHK News Easy 上面的文章,幫助學日文。

由於這個擴充套件是開源的,因此我第一件好奇的事就是:「它是用哪一間 AI 的服務,key 怎麼處理?」,結果看了 source code 才發現居然是 Chrome 內建的 Web API,不是我以為的 HTTP API。

算是有點後知後覺,現在才發現原來有內建的 Web API 可以用,因此寫篇文章簡單記錄一下。

Huli

Pear

Dark Feed IO
4 months 2 weeks ago

You must login to view this content

cohenido

Weekly Update 471

Troy Hunt
4 months 2 weeks ago

I'm so happy to finally be getting those HIBP demos out! The first couple are simple, but as I say in this week's vid, it's the simple questions we're still dealing with. As if to taunt me (or prove my point), we

Troy Hunt

Cloud Posture for Lending Platforms: Misconfigurations That Leak PII

Security Boulevard
4 months 2 weeks ago

We have witnessed a surge in cloud adoption and data exposures, with a similar trajectory. A cloud security report highlights that 95% of organizations experienced cloud-related breaches in an 18-month period. Among them, 92% of breaches exposed sensitive data. It is important to note that most incidents do not germinate from exploits that fall under […]

The post Cloud Posture for Lending Platforms: Misconfigurations That Leak PII appeared first on Kratikal Blogs.

The post Cloud Posture for Lending Platforms: Misconfigurations That Leak PII appeared first on Security Boulevard.

Puja Saikia

CVE-2025-37940 | Linux Kernel up to 6.14.2 ftrace ftrace_graph_set_hash infinite loop (Nessus ID 237504 / WID-SEC-2025-1114)

Vuldb Updates
4 months 2 weeks ago
A vulnerability identified as critical has been detected in Linux Kernel up to 6.14.2. This issue affects the function ftrace_graph_set_hash of the component ftrace. The manipulation leads to infinite loop. This vulnerability is documented as CVE-2025-37940. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-40797 | Siemens SIMATIC PCS neo 4.1/5.0 User Management out-of-bounds (ssa-722410 / Nessus ID 265964)

Vuldb Updates
4 months 2 weeks ago
A vulnerability was found in Siemens SIMATIC PCS neo 4.1/5.0. It has been declared as problematic. This affects an unknown part of the component User Management Component. Executing manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2025-40797. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-23274 | NVIDIA CUDA Toolkit/nvJPEG Image out-of-bounds (Nessus ID 265968)

Vuldb Updates
4 months 2 weeks ago
A vulnerability was found in NVIDIA CUDA Toolkit and nvJPEG and classified as problematic. This issue affects some unknown processing of the component Image Handler. Executing manipulation can lead to out-of-bounds read. The identification of this vulnerability is CVE-2025-23274. The attack can only be executed locally. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-23338 | NVIDIA CUDA Toolkit ELF File array index (Nessus ID 265968)

Vuldb Updates
4 months 2 weeks ago
A vulnerability was found in NVIDIA CUDA Toolkit. It has been classified as problematic. Impacted is an unknown function of the component ELF File Handler. The manipulation leads to improper validation of array index. This vulnerability is referenced as CVE-2025-23338. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-23275 | NVIDIA CUDA Toolkit/nvJPEG Image out-of-bounds write (Nessus ID 265968)

Vuldb Updates
4 months 2 weeks ago
A vulnerability categorized as critical has been discovered in NVIDIA CUDA Toolkit and nvJPEG. This affects an unknown function of the component Image Handler. Such manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2025-23275. The attack must be carried out locally. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-23272 | NVIDIA CUDA Toolkit/nvJPEG JPEG File out-of-bounds (Nessus ID 265969)

Vuldb Updates
4 months 2 weeks ago
A vulnerability identified as problematic has been detected in NVIDIA CUDA Toolkit and nvJPEG. The affected element is an unknown function of the component JPEG File Handler. This manipulation causes out-of-bounds read. This vulnerability is registered as CVE-2025-23272. The attack needs to be launched locally. No exploit is available. You should upgrade the affected component.
vuldb.com

17-year-old Hacker Responsible for Vegas Casinos Hack has Been Released

Cyber Security News
4 months 2 weeks ago

A 17-year-old suspect who surrendered over his alleged role in the 2023 cyberattacks against two major Las Vegas casino operators was released to his parents under strict supervision.  During his initial hearing before Family Court Judge Dee Smart Butler in Las Vegas, the teenager originally from the Chicago area was ordered to remain in Clark […]

The post 17-year-old Hacker Responsible for Vegas Casinos Hack has Been Released appeared first on Cyber Security News.

Florence Nightingale

Managed ad