Aggregator

CVE-2025-68196 | Linux Kernel up to 6.17.7 current_state state issue (Nessus ID 278919)

1 day 2 hours ago

A vulnerability has been found in Linux Kernel up to 6.17.7 and classified as critical. This affects the function current_state. The manipulation leads to state issue. This vulnerability is listed as CVE-2025-68196. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

vuldb.com

CVE-2025-68294 | Linux Kernel up to 6.17.10 io_uring buffer overflow (Nessus ID 278918)

Vuldb Updates

1 day 2 hours ago

A vulnerability described as critical has been identified in Linux Kernel up to 6.17.10. This affects an unknown part of the component io_uring. Such manipulation leads to buffer overflow. This vulnerability is documented as CVE-2025-68294. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

vuldb.com

Раскрыта новая схема взлома WhatsApp, при которой пользователи сами отдают доступ к переписке хакерам

Securitylab.ru

1 day 2 hours ago

Атака использует легальные функции мессенджера, не требуя перехвата секретных кодов.

10 Best AI Video Enhancers in 2025 to Instantly Boost Video Quality

Hack Read

1 day 2 hours ago

Looking for the best AI video enhancer in 2025? Explore top AI tools to upscale videos, restore clarity, reduce noise, and achieve stunning 4K quality in just a few clicks.

Owais Sultan

Akamai Cloud: New G8 Dedicated Hardware and Performance VM Shapes

The Akamai Blog

1 day 2 hours ago

Sarah Walter

BlackShrantac

Dark Feed IO

1 day 2 hours ago

You must login to view this content

cohenido

SonicWall security advisory (AV25-845) – Update 1

CCCS - Alerts and advisories

1 day 2 hours ago

Canadian Centre for Cyber Security

Motors WordPress Vulnerability Exposes Sites to Takeover

Information Security Magazine

1 day 2 hours ago

A critical flaw in the Motors WordPress theme affecting more than 20,000 installations allows low-privileged users to gain full control of websites

Exploited SonicWall zero-day patched (CVE-2025-40602)

Help Net Security

1 day 2 hours ago

SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw has been exploited by attackers. “This vulnerability was reported to be leveraged in combination with CVE-2025-23006 to achieve unauthenticated remote code execution with root privileges,” the company said. About CVE-2025-40602 SonicWall Secure Mobile Access (SMA) 1000 appliances/gateways are used by large, distributed enterprises to allow employees … More →

The post Exploited SonicWall zero-day patched (CVE-2025-40602) appeared first on Help Net Security.

Zeljka Zorz

用友U8Cloud所有版本ServiceDispatcherServlet反序列化补丁绕过文件上传漏洞

先知技术社区

1 day 2 hours ago

攻击者通过利用易受攻击的代码，绕过鉴权并实现任意文件上传，造成严重的系统损害。

Attackers Use Stolen AWS Credentials in Cryptomining Campaign

darkreading

1 day 2 hours ago

Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.

Elizabeth Montalbano, Contributing Writer

CVE-2025-66563 | monkeytypegame monkeytype up to 25.49.0 quote.text/quote.source cross site scripting (GHSA-mfjh-9552-8g27)

Vuldb Updates

1 day 3 hours ago

A vulnerability described as problematic has been identified in monkeytypegame monkeytype up to 25.49.0. Affected is an unknown function. Such manipulation of the argument quote.text/quote.source leads to cross site scripting. This vulnerability is listed as CVE-2025-66563. The attack may be performed from remote. There is no available exploit. It is advisable to implement a patch to correct this issue.

vuldb.com

CVE-2016-20023 | CKSource CKFinder prior 2.5.0.1 on ASP.NET path traversal

Vuldb Updates

1 day 3 hours ago

A vulnerability marked as problematic has been reported in CKSource CKFinder on ASP.NET. Impacted is an unknown function. This manipulation causes relative path traversal. This vulnerability is handled as CVE-2016-20023. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-66843 | grav up to 1.7.49.4 cross site scripting (EUVD-2025-203401)

Vuldb Updates

1 day 3 hours ago

A vulnerability, which was classified as problematic, has been found in grav up to 1.7.49.4. This impacts an unknown function. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-66843. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

vuldb.com

CVE-2023-53892 | Blackcat CMS 1.4 code unrestricted upload (Exploit 51605)

Vuldb Updates

1 day 3 hours ago

A vulnerability, which was classified as critical, has been found in Blackcat CMS 1.4. Affected is an unknown function. The manipulation of the argument code leads to unrestricted upload. This vulnerability is listed as CVE-2023-53892. The attack may be initiated remotely. In addition, an exploit is available.

vuldb.com

CVE-2023-53891 | blackcat-cms Blackcat CMS 1.4 Page Modification Interface cross site scripting (Exploit 51604)

Vuldb Updates

1 day 3 hours ago

A vulnerability has been found in blackcat-cms Blackcat CMS 1.4 and classified as problematic. This issue affects some unknown processing of the component Page Modification Interface. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2023-53891. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2025-67874 | ChurchCRM up to 6.4.x observable response discrepancy (GHSA-p98h-5xcj-5c6x)

Vuldb Updates

1 day 3 hours ago

A vulnerability, which was classified as problematic, has been found in ChurchCRM up to 6.4.x. Affected by this vulnerability is an unknown functionality. This manipulation causes observable response discrepancy. The identification of this vulnerability is CVE-2025-67874. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-59385 | QNAP QTS/QuTS hero authentication spoofing (qsa-25-45)

Vuldb Updates

1 day 3 hours ago

A vulnerability categorized as critical has been discovered in QNAP QTS and QuTS hero. This impacts an unknown function. Such manipulation leads to authentication bypass by spoofing. This vulnerability is traded as CVE-2025-59385. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-62847 | QNAP QTS/QuTS hero argument injection (qsa-25-45)

Vuldb Updates

1 day 3 hours ago

A vulnerability labeled as critical has been found in QNAP QTS and QuTS hero. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to argument injection. This vulnerability is handled as CVE-2025-62847. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

vuldb.com

CVE-2025-62848 | QNAP QTS/QuTS hero null pointer dereference (qsa-25-45)

Vuldb Updates

1 day 3 hours ago

A vulnerability marked as problematic has been reported in QNAP QTS and QuTS hero. Affected by this issue is some unknown functionality. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-62848. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

vuldb.com

Aggregator

Managed ad