Aggregator

A vulnerability was found in Google Android 14/15/16. It has been declared as problematic. This affects an unknown part of the component Unicode Normalization Handler. The manipulation results in information disclosure. This vulnerability was named CVE-2025-48567. The attack needs to be approached locally. There is no available exploit. It is best practice to apply a patch to resolve this issue.

A vulnerability identified as critical has been detected in Qualcomm Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. Affected is an unknown function. Performing a manipulation results in buffer overflow. This vulnerability is cataloged as CVE-2025-47394. The attack must be initiated from a local position. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables and classified as critical. This affects an unknown function of the component DSP. The manipulation results in buffer overflow. This vulnerability was named CVE-2025-47388. The attack needs to be approached locally. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon CCW WCN7861. It has been classified as critical. This impacts an unknown function of the component WLAN Management Frame Handler. This manipulation causes buffer over-read. The identification of this vulnerability is CVE-2025-47395. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability categorized as problematic has been discovered in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute and Snapdragon Industrial IOT. Affected is an unknown function of the component HLOS. The manipulation results in exposure of sensitive system information to an unauthorized control sphere. This vulnerability was named CVE-2025-47378. The attack needs to be approached locally. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. The affected element is an unknown function of the component Trusted Execution Environment. This manipulation causes improper access control for register interface. This vulnerability is registered as CVE-2025-47385. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon WBC. The affected element is an unknown function of the component Trusted Application. Executing a manipulation can lead to out-of-bounds write. This vulnerability is handled as CVE-2025-47346. It is possible to launch the attack on the local host. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon WBC and Snapdragon Wearables. It has been classified as problematic. This affects an unknown function of the component HLOS. This manipulation causes exposed dangerous routine. This vulnerability is tracked as CVE-2025-47366. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.

Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub

A vulnerability marked as problematic has been reported in smallvec Crate up to 0.6.12 on Rust. This impacts an unknown function of the component Reference Type Handler. This manipulation causes uninitialized pointer. The identification of this vulnerability is CVE-2018-25023. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Marked up to 4.0.9. This vulnerability affects unknown code of the component Regular Expression Handler. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2022-21681. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability has been found in log4js-node and classified as critical. This vulnerability affects unknown code of the component Log File. Performing a manipulation results in incorrect default permissions. This vulnerability is identified as CVE-2022-21704. The attack is only possible with local access. There is not any exploit available. The affected component should be upgraded.

A vulnerability has been found in Mailer Plugin up to 391.ve4a_38c1b_cf4b_ on Jenkins and classified as critical. Affected by this issue is some unknown functionality of the component DNS Handler. The manipulation leads to missing authorization. This vulnerability is referenced as CVE-2022-20614. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability described as critical has been identified in Smarty up to 3.1.42/4.0.2. Affected by this vulnerability is an unknown functionality of the component Template Handler. Such manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2021-21408. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

Philadelphia, PA, United States, March 9th, 2026, CyberNewswire Security Risk Advisors (SRA) is proud to announce the release of its inaugural report, The Purple Perspective 2026. This comprehensive analysis examines real-world detection and prevention performance against a curated set of high-priority adversary techniques, providing actionable insights to improve cybersecurity defenses. The report is based on the […]

The post Security Risk Advisors Releases “The Purple Perspective 2026” Report appeared first on Cyber Security News.

OpenClaw最大的价值，并不是 OpenClaw 自己。

The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits. [...]