Aggregator

A vulnerability identified as critical has been detected in etruel WPeMatico RSS Feed Fetcher Plugin up to 2.8.11 on WordPress. Affected by this vulnerability is the function wpematico_test_feed. Performing manipulation results in server-side request forgery. This vulnerability is identified as CVE-2025-11917. The attack can be initiated remotely. There is not any exploit available.

A vulnerability has been found in Linux Kernel up to 6.16.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component crypto. Performing manipulation results in incorrect control flow. This vulnerability is reported as CVE-2025-39777. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.16.3/6.17-rc2. It has been declared as critical. This affects the function mremap. Such manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2025-39775. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.16.3/6.17-rc2. Affected is the function rzg2l_adc of the component PM Call Handler. Such manipulation leads to allocation of resources. This vulnerability is documented as CVE-2025-39774. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in SuiteCRM up to 7.14.7/8.9.0. Impacted is an unknown function. Executing manipulation of the argument call_id can lead to sql injection. This vulnerability is registered as CVE-2025-64488. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

Алгоритм вместо человека, запрет вместо выбора, цензура вместо образования.

使用正常数字签名伪装成某简历的钓鱼样本分析

Scammers are targeting businesses with a new extortion scheme, and Google Maps is fighting back with a dedicated reporting tool. Google has introduced a feature that allows business owners to report ransom demands directly to malicious actors who threaten them with fake negative reviews. Cybercriminals have developed a sophisticated plan to extort money from businesses […]

The post Google Maps Adds Feature for Businesses to Report Ransom Demands Over Reviews appeared first on Cyber Security News.

2025年11月30日中午12点前

VLC 总裁兼项目核心开发者 Jean-Baptiste Kempf 获得了欧洲自由软件奖，以表彰他在 VLC 项目上的长期贡献。VLC 诞生于 1996 年，最初是一个学生项目，如今已发展成为全球最流行媒体播放器之一，用户数以十亿计。Jean-Baptiste Kempf 在学生时代参与了 VLC 项目，在最早一批的开发者毕业项目面临死亡时，他接过了重担。他与其他核心开发者一起创造了我们今天所依赖于的播放器。

Родительские настройки оказались бессильны против того, с чем сталкиваются дети на платформе.

A vulnerability, which was classified as problematic, has been found in metagauss EventPrime Plugin up to 4.2.0.0 on WordPress. This affects the function booking_add_notes. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-12498. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Linux Kernel and classified as critical. Affected is an unknown function of the component RSA Decryption. Performing manipulation results in transmission of private resources into a new sphere ('resource leak'). This vulnerability is identified as CVE-2023-6240. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability identified as problematic has been detected in Infinity ZMaintenance Infinity up to 4.1. Impacted is an unknown function of the file /jsp/gsfr_feditorHTML.jsp. The manipulation of the argument pHtmlSource leads to cross site scripting. This vulnerability is listed as CVE-2025-61431. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as critical was found in Samsung Mobile Processor Exynos. Affected is the function get_vs4l_profiler_node of the component NPU. Executing manipulation can lead to null pointer dereference. This vulnerability appears as CVE-2025-54333. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability was found in Samsung Mobile Processor, Wearable Processor and Modem and classified as critical. This vulnerability affects unknown code of the component 5G NRMM Packet Handler. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-49494. The attack can only be initiated within the local network. No exploit exists.