Aggregator

Remote Code Execution Flaw Affects More Than 5,000 Servers
Threat actors are actively exploiting a critical vulnerability in a server file transfer solution. Researchers say the flaw in Wing FTP Server could allow threat actors to execute system-level commands remotely, using null byte and Lua injection without authentication.

专为红队与安全运维打造，一站式资产发现 + 漏洞验证平台免责声明-仅用于授权测试，用户滥用造成的一切后果和作

2025年07月07日-2025年07月13日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。国家

Google计划整合ChromeOS与Android；Commodore推出复古游戏机；英伟达为RTX40系列显卡引入Smooth Motion技术；微软延长Windows10上Microsoft365的支持时间；xAI与Anthropic推出政府版AI产品；彭博社称Apple考虑收购法国AI公司Mistral；少数派发布多款产品及活动信息。

黄仁勋雷军合照曝光；理想 i8 纯电 SUV 黑武士版亮相，新车 7 月 29 日上市；鸿蒙智行首款旅行车享界 S9T 无伪装实车图曝光

A vulnerability classified as problematic has been found in Linux Kernel up to 6.14.1. Affected is an unknown function of the component rtnetlink. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-22075. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.14.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument l_tree_depth leads to out-of-bounds read. This vulnerability is known as CVE-2025-22079. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.86/6.12.22/6.13.10/6.14.1. Affected is the function get_net/put_net of the component SMB Client. The manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2025-22077. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.133/6.6.86/6.12.22/6.13.10/6.14.1. It has been rated as problematic. This issue affects the function simple_rmdir. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2025-22072. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.1. It has been classified as problematic. Affected is the function spufs_new_file. The manipulation leads to memory leak. This vulnerability is traded as CVE-2025-22073. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.86/6.12.22/6.13.10/6.14.1. It has been declared as problematic. Affected by this vulnerability is the function r_count. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-22074. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. Affected by this vulnerability is the function io_uring_cmd_complete_in_task. The manipulation leads to use after free. This vulnerability is known as CVE-2025-22068. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1 and classified as critical. This issue affects the function v9fs_fid_add. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-22070. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.1. It has been declared as critical. This vulnerability affects the function __arch_ftrace_regs. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-22069. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.14.1. Affected by this issue is the function imx_card_probe. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-22066. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

疑似某黑产新型远控勒索样本分析