Aggregator

CVE-2025-37960 | Linux Kernel up to 6.12.28/6.14.6/6.15-rc5 memblock_double_array allocation of resources (Nessus ID 240824 / WID-SEC-2025-1114)

Vuldb Updates
4 months 2 weeks ago
A vulnerability described as problematic has been identified in Linux Kernel up to 6.12.28/6.14.6/6.15-rc5. Affected is the function memblock_double_array. Executing manipulation can lead to allocation of resources. This vulnerability appears as CVE-2025-37960. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-37957 | Linux Kernel prior 6.12.29/6.14.7/6.15-rc6 KVM arch/x86/kvm/x86.c use after free (Nessus ID 240824 / WID-SEC-2025-1114)

Vuldb Updates
4 months 2 weeks ago
A vulnerability classified as critical has been found in Linux Kernel. Affected by this vulnerability is an unknown functionality of the file arch/x86/kvm/x86.c of the component KVM. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-37957. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-37958 | Linux Kernel up to 6.12.28/6.14.6/6.15-rc5 huge_memory memory corruption (Nessus ID 240824 / WID-SEC-2025-1114)

Vuldb Updates
4 months 2 weeks ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.28/6.14.6/6.15-rc5. This affects the function huge_memory. Such manipulation leads to memory corruption. This vulnerability is documented as CVE-2025-37958. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-37959 | Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5 bpf_redirect_peer privilege escalation (Nessus ID 237223 / WID-SEC-2025-1114)

Vuldb Updates
4 months 2 weeks ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5. This impacts the function bpf_redirect_peer. Performing manipulation results in privilege escalation. This vulnerability is reported as CVE-2025-37959. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-37954 | Linux Kernel up to 6.6.90/6.12.28/6.14.6/6.15-rc5 smb open_cached_dir allocation of resources (Nessus ID 240824 / WID-SEC-2025-1114)

Vuldb Updates
4 months 2 weeks ago
A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.6.90/6.12.28/6.14.6/6.15-rc5. The affected element is the function open_cached_dir of the component smb. The manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2025-37954. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-37955 | Linux Kernel up to 6.12.28/6.14.6/6.15-rc5 virtnet_xsk_pool_enable memory leak (Nessus ID 242347 / WID-SEC-2025-1114)

Vuldb Updates
4 months 2 weeks ago
A vulnerability has been found in Linux Kernel up to 6.12.28/6.14.6/6.15-rc5 and classified as critical. Affected by this issue is the function virtnet_xsk_pool_enable. This manipulation causes memory leak. The identification of this vulnerability is CVE-2025-37955. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-37956 | Linux Kernel up to 6.6.90/6.12.28/6.14.6/6.15-rc5 ksmbd d_alloc privilege escalation (Nessus ID 242347 / WID-SEC-2025-1114)

Vuldb Updates
4 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.90/6.12.28/6.14.6/6.15-rc5. This affects the function d_alloc of the component ksmbd. This manipulation causes privilege escalation. This vulnerability is handled as CVE-2025-37956. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-37951 | Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5 timedout_job memory leak (EUVD-2025-15892 / Nessus ID 237223)

Vuldb Updates
4 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5. It has been declared as critical. This issue affects the function timedout_job. Executing manipulation can lead to memory leak. This vulnerability is tracked as CVE-2025-37951. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-37953 | Linux Kernel up to 6.15-rc5 sch_htb htb_deactivate null pointer dereference (EUVD-2025-15902 / Nessus ID 237223)

Vuldb Updates
4 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.15-rc5. It has been rated as critical. Impacted is the function htb_deactivate of the component sch_htb. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-37953. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2025-37949 | Linux Kernel up to 6.15-rc5 xenbus xs_wake_up null pointer dereference (EUVD-2025-15894 / Nessus ID 237223)

Vuldb Updates
4 months 2 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 6.15-rc5. This impacts the function xs_wake_up of the component xenbus. Executing manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2025-37949. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

Chrome 內建的翻譯與 Prompt API

Huli's blog
4 months 2 weeks ago

前陣子有個讀者分享給我他自己做的 Chrome extension:JP NEWS Helper,能夠摘要、翻譯 NHK News Easy 上面的文章,幫助學日文。

由於這個擴充套件是開源的,因此我第一件好奇的事就是:「它是用哪一間 AI 的服務,key 怎麼處理?」,結果看了 source code 才發現居然是 Chrome 內建的 Web API,不是我以為的 HTTP API。

算是有點後知後覺,現在才發現原來有內建的 Web API 可以用,因此寫篇文章簡單記錄一下。

Huli

Pear

Dark Feed IO
4 months 2 weeks ago

You must login to view this content

cohenido

Weekly Update 471

Troy Hunt
4 months 2 weeks ago

I'm so happy to finally be getting those HIBP demos out! The first couple are simple, but as I say in this week's vid, it's the simple questions we're still dealing with. As if to taunt me (or prove my point), we

Troy Hunt

Cloud Posture for Lending Platforms: Misconfigurations That Leak PII

Security Boulevard
4 months 2 weeks ago

We have witnessed a surge in cloud adoption and data exposures, with a similar trajectory. A cloud security report highlights that 95% of organizations experienced cloud-related breaches in an 18-month period. Among them, 92% of breaches exposed sensitive data. It is important to note that most incidents do not germinate from exploits that fall under […]

The post Cloud Posture for Lending Platforms: Misconfigurations That Leak PII appeared first on Kratikal Blogs.

The post Cloud Posture for Lending Platforms: Misconfigurations That Leak PII appeared first on Security Boulevard.

Puja Saikia

CVE-2025-37940 | Linux Kernel up to 6.14.2 ftrace ftrace_graph_set_hash infinite loop (Nessus ID 237504 / WID-SEC-2025-1114)

Vuldb Updates
4 months 2 weeks ago
A vulnerability identified as critical has been detected in Linux Kernel up to 6.14.2. This issue affects the function ftrace_graph_set_hash of the component ftrace. The manipulation leads to infinite loop. This vulnerability is documented as CVE-2025-37940. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.
vuldb.com

Managed ad