Aggregator

A vulnerability was found in Linux Kernel up to 6.1.141/6.6.93/6.12.33/6.15.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Stmmac Platform Driver. The manipulation of the argument clk_ptp_rate leads to divide by zero. This vulnerability is handled as CVE-2025-38126. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.141/6.6.93/6.12.33/6.15.2. Affected by this vulnerability is the function cscfg_csdev_enable_active_config. The manipulation leads to use after free. This vulnerability is known as CVE-2025-38131. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15.2 and classified as critical. This vulnerability affects the function mlb_usio_probe of the component serial. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-38135. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.2 and classified as problematic. This issue affects the function usbhs_probe of the component usb. The manipulation leads to improper initialization. The identification of this vulnerability is CVE-2025-38136. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.16-rc1. This vulnerability affects the function ufshcd_err_handling_prepare. The manipulation leads to denial of service. This vulnerability was named CVE-2025-38119. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 8058c88ac0df21239daee54b5934d5c80ca9685f. Affected is the function nf_set_pipapo_avx2 of the component netfilter. The manipulation leads to memory leak. This vulnerability is traded as CVE-2025-38120. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Submit #629168 / VDB-319879

Submit #629166 / VDB-319878

Submit #629164 / VDB-319877

一键加解密，让你像测试明文一样简单

刚睡醒，就看到群里都在转发一个洞，而且官方还很贴心，代码和思路都有，那就也来跟着学习思路了 1Panel hvv 倒是遇到了一些，不过确实没有打 https://github.com/1Panel-dev/1Panel

Redis HyperLogLog(CVE-2025-32023)漏洞是一个高危的远程代码执行漏洞，影响Redis 2.8至8.0.3的多个版本。攻击者通过构造恶意的HyperLogLog稀疏编码数据，在PFMERGE或PFADD等命令触发时，利用整数溢出导致堆/栈越界写入，最终实现任意代码执行。漏洞核心在于稀疏模式转换过程中未校验寄存器索引idx的负值，通过精心设计的XZERO编码链使idx溢出

最近 hvv 也打了不少契约锁，正好也有源码，这次来分析一下这个漏洞的原因，环境搭建就搭建了半天，然后分析下来也还比较流程 自从实习了也好久没有分析过漏洞了，下班就想玩，正好leader 给了这个任务

信呼OA分析+0day挖掘思路与实操

Charon шифрует с такой скоростью, будто заплатить — это судьба.

置空鉴权字段不仅仅在登录口,在查询处,鉴权处都是很经典的思路如jwt置空加密字段,个人信息置空回显站点全部信息,最简单的思路往往能造成最致命的问题

Arthas在内存马查杀中的应用

通过构造恶意稀疏型HLL与正常密集型HLL执行合并操作，触发Redis在HLL合并过程中导致的整数上溢漏洞，**造成受限地址写**（覆盖`int`负数范围的`3/4`）。 预先构造包含三个`0x3800`字节sds对象（`sdsa/sdsb/sdsc`）及合并后密集型HLL数据的堆布局，利用受限地址写修改sdsb头部类型标识符（`SDSHDR16`的`0x02`改为`SDSHDR64`的`0x04

A vulnerability has been found in IBM WebSphere Application Server Liberty up to 25.0.0.8 and classified as problematic. This vulnerability affects unknown code of the component Web UI. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-36000. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Axis Camera Station Pro and Camera Station. This affects an unknown part. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-7622. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.