Aggregator

A vulnerability described as critical has been identified in Linux Kernel up to 6.16.1. This affects the function dib7090p_rw_on_apb of the component media. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-38694. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.6.102/6.12.42/6.15.10/6.16.1 and classified as critical. This issue affects the function exfat_count_dir_entries of the component exfat. The manipulation leads to infinite loop. This vulnerability is referenced as CVE-2025-38692. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.16.1/6.17-rc1. Affected by this vulnerability is an unknown functionality. The manipulation results in uncontrolled recursion. This vulnerability is reported as CVE-2025-38690. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.102/6.12.42/6.15.10/6.16.1. The impacted element is an unknown function of the component iommufd. The manipulation results in privilege escalation. This vulnerability is known as CVE-2025-38688. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.16.1/6.17-rc1. Affected by this vulnerability is the function avx512_status. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2025-38689. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

Currently trending CVE - Hype Score: 6 - Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 8 - NLnet Labs Unbound up to and including version 1.24.2 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually ...

Currently trending CVE - Hype Score: 7 - Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. ...

Currently trending CVE - Hype Score: 6 - The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL ...

Currently trending CVE - Hype Score: 14 - An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an ...

Currently trending CVE - Hype Score: 14 - Unauthorized access to Gateway user capabilities

Currently trending CVE - Hype Score: 14 - An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, ...

Google发布安卓系统月度安全更新，修复107个漏洞，包括两个已被利用的高危漏洞（信息泄露和权限提升）及一个可能导致远程拒绝服务攻击的关键漏洞。

Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison. The two high-severity shortcomings

Let’s Encrypt 宣布到 2028 年将证书有效期从现在的 90 天缩短至 45 天。此举是为了遵守今年早些时候 Certification Authority Browser Forum (CA/Browser Forum)通过的缩短证书有效期决议。决议要求到 2026 年 3 月 15 日 TLS 证书最长有效期将缩短至 200 天；到 2027 年 3 月 15 日 TLS 证书最长有效期将缩短至 100 天；2029 年 3 月 15 日 TLS 证书最长有效期将缩短至 47 天。Let’s Encrypt 还将缩短验证域名控制权后允许为该域名签发证书的时间间隔，从目前的 30 天缩短至 7 小时。为减少对用户的影响，新的变更将分阶段实施：2026 年 5 月 13 日可选配置有效期 45 天，2027 年 2 月 10 日默认配置有效期 64 天，2028 年 2 月 16 日有效期进一步缩短为 45 天。

嗯，用户让我总结一下这篇文章的内容，控制在100字以内，而且不需要特定的开头。首先，我需要仔细阅读文章内容，抓住主要信息。 文章主要讲的是Let’s Encrypt宣布将证书的有效期从90天缩短到45天，并且计划在2028年实施。这是为了遵守CA/Browser Forum的决议，该决议分阶段缩短证书有效期。此外，验证域名控制权后签发证书的时间间隔也从30天缩短到7小时。为了减少影响，变更会分阶段进行，比如2026年5月可选配置45天有效期，2027年2月默认64天，2028年再缩短到45天。 接下来，我需要把这些信息浓缩成100字以内的摘要。重点包括：Let’s Encrypt、证书有效期缩短到45天、遵守CA/Browser Forum的决议、分阶段实施、以及验证时间间隔的缩短。 然后，我要确保语言简洁明了，不使用复杂的术语。同时，避免使用“文章内容总结”或“这篇文章”这样的开头词。 最后，检查字数是否符合要求，并确保所有关键点都被涵盖。 Let's Encrypt 宣布将证书有效期从 90 天缩短至 45 天，并计划于 2028 年实施。此举遵循 CA/Browser Forum 的决议，分阶段调整证书有效期及域名验证时间间隔。变更将逐步推进以减少对用户的影响。

近期发现摩诃草的新木马StreamSpy，该木马与C2通信采用WebSocket和HTTP结合的方式，通过WebSocket获取指令与回传操作结果，HTTP完成文件传输等操作。该木马还与摩诃草的Spyder存在一定相似性。

A vulnerability marked as critical has been reported in Blood Bank Management System 1.0. Impacted is an unknown function of the file login.php of the component Session Identifier Handler. Performing manipulation results in session fixiation. This vulnerability is known as CVE-2025-63529. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as critical has been identified in Blood Bank Management System 1.0. The affected element is an unknown function of the file receiverLogin.php. Executing manipulation of the argument remail/rpassword can lead to sql injection. This vulnerability is handled as CVE-2025-63531. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in Blood Bank Management System 1.0. The impacted element is an unknown function of the file delete.php of the component Request Handler. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-63525. The attack is possible to be carried out remotely. No exploit exists.