Aggregator

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc2. It has been rated as critical. Impacted is the function get_meter_levels_from_urb of the component ALSA. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-68783. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. This affects the function push_nsh. Executing a manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2025-68785. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. It has been classified as critical. This affects an unknown function of the component scsi. The manipulation of the argument t_task_cdb leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-68782. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

N1CTF Reverse题目全解

XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Allegedly Enables Identity Tampering and Unauthorized Access (CVE-2026-23687)

The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they're impersonating, marking a new escalation of the fraudulent scheme. "These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent

И как это спасет мир от дефицита аккумуляторов.

A vulnerability identified as problematic has been detected in Intel AMT and Standard Manageability. Impacted is an unknown function. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-20080. The attack is possible to be carried out remotely. No exploit exists.

AI 安全护栏并非绝对安全，其本质仍是一个判别系统。在复杂真实场景中，攻击者可以通过构造特定输入或诱导输出，使模型行为偏离设计预期，从而形成潜在绕过风险。

本文主要是讲 AI 时代下的红队安全工具的开发，以及如何把安全工具接到大语言模型里。涉及到 MCP 客户端的结合，分布式的 MSF 的命令的执行，如何独立的 session 管理，代码优化的思路及调试等内容。以红队安全工具开发的细节处理为初始点，让初学者也能玩转 MCP。

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. Impacted is the function cpudl_find. The manipulation leads to state issue. This vulnerability is documented as CVE-2025-68780. The attack requires being on the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 and classified as critical. Affected by this vulnerability is the function btrfs_log_new_name. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2025-68778. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. This issue affects the function ti_am335x_tsc. This manipulation causes off-by-one. This vulnerability appears as CVE-2025-68777. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. Impacted is the function prp_get_untagged_frame. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-68776. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. This issue affects some unknown processing of the component spi. The manipulation results in buffer overflow. This vulnerability was named CVE-2025-68773. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

闲来无事发个水文，记录一下特殊情况下分析360安全卫士过程中觉得可以公开的一个点。在对 `360netmon

A vulnerability, which was classified as critical, was found in ZZZCMS 2.1.9. Affected by this issue is some unknown functionality. Such manipulation of the argument imageext leads to unrestricted upload. This vulnerability is documented as CVE-2023-45554. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in ZZZCMS 2.1.9. It has been classified as critical. This issue affects the function down_url of the file zzz.php. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2023-45555. It is possible to initiate the attack remotely. There is no exploit available.