Aggregator

A vulnerability described as critical has been identified in Speedywiki 2.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component File Upload. Executing a manipulation of the argument Upload can lead to unrestricted upload. This vulnerability is registered as CVE-2006-5845. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in FreeWebshop 2.1/2.2.1/2.2.2. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to path traversal. This vulnerability is documented as CVE-2006-5846. The attack can be initiated remotely. Additionally, an exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability has been found in Opendarwin Darwin kernel 8.8.1 and classified as problematic. This affects the function syscall. This manipulation causes denial of service. This vulnerability is handled as CVE-2006-5836. It is possible to launch the attack on the local host. Additionally, an exploit exists. The affected component should be upgraded.

A vulnerability categorized as problematic has been discovered in Rust up to 1.58.0. This vulnerability affects the function std::fs::remove_dir_all. The manipulation results in time-of-check time-of-use. This vulnerability is cataloged as CVE-2022-21658. The attack must be initiated from a local position. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Oracle MySQL Server up to 8.0.30. Impacted is an unknown function of the component Optimizer. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2022-21640. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as critical has been reported in Oracle MySQL Server up to 8.0.29. The affected element is an unknown function of the component Optimizer. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2022-21641. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in Oracle MySQL Server up to 8.0.30 and classified as critical. This impacts an unknown function of the component InnoDB. This manipulation causes denial of service. This vulnerability is tracked as CVE-2022-21637. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability identified as critical has been detected in Oracle MySQL Server up to 8.0.29. This issue affects some unknown processing of the component Optimizer. This manipulation causes denial of service. This vulnerability appears as CVE-2022-21638. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as critical has been found in Oracle PeopleSoft Enterprise PeopleTools 8.59/8.60. Affected by this vulnerability is an unknown functionality of the component Elastic Search Integration. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2022-21639. The attack can be initiated remotely. There is not any exploit available.

2024年6月，苏格兰籍威胁行为体Tyler Robert Buchanan在西班牙被捕，后于2024年11月被美方正式起诉。2025年，美国司法部正式宣布该成员对参与Scattered Spider网络犯罪组织的相关指控认罪。

Cyber risk used to be the kind of problem you could delegate. Something for the CISO, the IT team, and maybe an external auditor to worry about once a year. That comfort zone is gone. In the last decade, a new reality has set in: a single cyber incident can erase hundreds of millions of […]

The post The $700 million question: How cyber risk became a market cap problem first appeared on TrustCloud.

The post The $700 million question: How cyber risk became a market cap problem appeared first on Security Boulevard.

Linus Torvalds 在内核邮件列表上宣布释出 Linux 7.1-rc1。主要变化包括：移除对部分旧硬件的支持，其中包括 i486 和俄罗斯 Baikal CPU，清理部分旧 PCMCIA 驱动；新 NTFS 驱动，支持 12 种新 SoC，新联想 Legion Go 驱动，Intel QAT Zstd 支持，AMD Zen 6 支持，Intel Linear Address Space Separation (LASS)，等等。

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers. According to a new report published by Infoblox, the operation is believed to

Safe vulnerability disclosure for UK SMEs: a practical guide For many UK SMEs, the idea of someone reporting a security weakness can feel unsettling at first. It may sound technical, formal, or even a little confrontational. In practice, safe vulnerability disclosure is simply a controlled way for people to tell you about a security issue […]

The post Safe vulnerability disclosure for UK SMEs: a practical guide appeared first on Clear Path Security Ltd.

The post Safe vulnerability disclosure for UK SMEs: a practical guide appeared first on Security Boulevard.

告别时间线上的「Dirty Work」。当技术足够先进时，它应该变得透明。

A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.134/6.12.81/6.18.22/6.19.12. This affects the function lan966x_fdma_rx_alloc_page_pool of the component net. The manipulation results in infinite loop. This vulnerability is known as CVE-2026-31646. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability described as problematic has been identified in FreeRDP up to 3.24.x. This vulnerability affects the function contains_dotdot of the file channels/drive/client/drive_file.c of the component Remote Desktop Protocol. Such manipulation leads to off-by-one. This vulnerability is uniquely identified as CVE-2026-40254. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, was found in Deskflow up to 1.26.0.138. The impacted element is the function ClipboardChunk::assemble in the library src/lib/deskflow/IClipboard.cpp. Such manipulation leads to buffer overflow. This vulnerability is traded as CVE-2026-41476. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. It has been rated as critical. The impacted element is the function rtw_BIP_verify of the file drivers/staging/rtl8723bs/core/rtw_security.c of the component staging. This manipulation causes uninitialized pointer. This vulnerability appears as CVE-2026-31626. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0 and classified as critical. This vulnerability affects the function smb2_get_ea of the component ksmbd. Performing a manipulation results in uninitialized pointer. This vulnerability is cataloged as CVE-2026-31612. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.