Aggregator

A vulnerability was found in Linux Kernel up to 6.12.20/6.13.8 and classified as critical. This issue affects the function xhci_suspend of the component bcm2711. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2025-22011. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.84/6.12.20/6.13.8. It has been classified as critical. This affects the function dma_fence_add_callback. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2025-21995. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.6.84/6.12.20/6.13.8. Affected by this vulnerability is the function qaic_validate_req. The manipulation leads to integer overflow. This vulnerability is known as CVE-2025-22001. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

英伟达宣布从580版驱动程序起停止对GTX 700/900/10系列等旧架构显卡的功能更新与错误修复支持,仅提供一年安全更新,影响Linux、Unix及Windows系统,用户仍可继续使用但游戏兼容性问题需由开发商解决。

株式会社クオリティアが提供するActive! mailには、複数の脆弱性が存在します。

A vulnerability has been found in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N and DSR-1000N up to 3.17B901C and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2024-57376. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Redaxo CMS up to 5.18.2. It has been declared as problematic. This vulnerability affects unknown code of the component AddOns Page. The manipulation of the argument rex-api-result leads to cross site scripting. This vulnerability was named CVE-2025-27412. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Redaxo CMS up to 5.18.2. Affected by this issue is some unknown functionality of the component Mediapool Page. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-27411. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dell Wyse Proprietary OS up to 2411. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to command injection. This vulnerability is known as CVE-2025-26331. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in nhairs python-json-logger up to 3.2.x. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to inclusion of functionality from untrusted control sphere. This vulnerability was named CVE-2025-27607. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Dell Wyse Proprietary OS up to 2408. This affects an unknown part. The manipulation leads to incorrect permission assignment. This vulnerability is uniquely identified as CVE-2025-27688. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in vllm up to 0.7.1. It has been declared as problematic. Affected by this vulnerability is the function hash. The manipulation of the argument constant leads to improper validation of integrity check value. This vulnerability is known as CVE-2025-25183. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in PublicCMS 4.0.202406. Affected by this issue is some unknown functionality of the file /cms/CmsWebFileAdminController.java of the component File Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-25361. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Microsoft Visual Studio. This issue affects some unknown processing. The manipulation leads to uncontrolled search path. The identification of this vulnerability is CVE-2025-24998. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Visual Studio. Affected is an unknown function. The manipulation leads to uncontrolled search path. This vulnerability is traded as CVE-2025-25003. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows Server 2016/Server 2019/Server 2022/Server 2022 23H2/Server 2025 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to link following. This vulnerability is known as CVE-2025-25008. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Office. It has been classified as critical. This affects an unknown part. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-26629. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Office. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to use after free. This vulnerability was named CVE-2025-21392. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

文章介绍了错误代码521的原因及其常见情况，并提供了相应的解决方法和预防措施。

HackerNews 编译，转载请注明出处： 网络安全机构CISA上周发布警告称，德国工业网络设备厂商Microsens的NMP Web+产品存在两个严重漏洞和一个高危漏洞，可能被黑客利用实施远程攻击。 Microsens为工业企业和组织提供交换机、转换器、楼宇控制器等自动化解决方案，其NMP Web+平台用于集中管理工业交换机及网络设备配置。漏洞详情如下： CVE-2025-49151（严重）：未授权攻击者可伪造JSON Web Token（JWT）绕过身份验证； CVE-2025-49153（严重）：攻击者能覆盖服务器文件并执行任意代码； 高危漏洞：JWT令牌未设置过期时间，导致长期有效。 Claroty Team82研究员Noam Moshe（漏洞发现者）向SecurityWeek表示，攻击者可链式利用这些漏洞： 通过伪造JWT获取系统访问权限； 利用文件覆盖漏洞完全控制操作系统。 “这实现了‘从零到英雄’的跳跃——无需任何凭证即可接管系统。”Moshe强调，尽管攻击需访问目标NMP Web+的Web服务器，但大量实例暴露在互联网，存在被扫描攻击的风险。 CISA确认尚未发现野外利用案例，Microsens已发布补丁（Windows/Linux版本3.3.0）。受影响产品在全球范围部署，尤其涉及关键制造业领域。建议用户立即更新至修复版本，并限制管理界面的互联网暴露。   消息来源： securityweek ； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文