Aggregator

从 AI 女友到数字面试官，人格化 AI 正在「登陆」你的所有屏幕。

A vulnerability has been found in Docmosis Tornado up to 2.9.4 and classified as critical. Affected by this issue is some unknown functionality of the component Office Directory Setting Handler. This manipulation causes privilege escalation. The identification of this vulnerability is CVE-2023-25266. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in GFI Kerio Connect 9.4.1 Patch 1. This issue affects some unknown processing of the file webmail/api/jsonrpc of the component 2FASetup. Performing manipulation of the argument primaryEMailAddress results in stack-based buffer overflow. This vulnerability is identified as CVE-2023-25267. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Cure53 DOMPurify up to 1.0.10. This affects an unknown function of the file demos/hooks-target-blank-demo.html. The manipulation leads to use of web link to untrusted target with window.opener access. This vulnerability is listed as CVE-2019-25155. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Docmosis Tornado up to 2.9.4. The affected element is an unknown function of the component Request Handler. The manipulation results in improper authentication. This vulnerability is cataloged as CVE-2023-25264. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Docmosis Tornado up to 2.9.4. It has been declared as critical. Affected is an unknown function. Such manipulation leads to path traversal. This vulnerability is referenced as CVE-2023-25265. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in Stimulsoft Designer 2023.1.4/2023.1.5. This vulnerability affects unknown code in the library Stimulsoft.report.dll. Such manipulation leads to use of hard-coded cryptographic key . This vulnerability is referenced as CVE-2023-25263. The attack can only be performed from a local environment. No exploit is available.

A vulnerability identified as critical has been detected in Stimulsoft Designer Web 2023.1.3. Impacted is an unknown function. Performing manipulation results in server-side request forgery. This vulnerability was named CVE-2023-25262. The attack may be initiated remotely. There is no available exploit.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about active exploitation of a critical vulnerability affecting Windows Server Update Service (WSUS). The agency updated its alert on October 29, 2025, adding crucial information about identifying vulnerable systems and detecting potential threats. Critical Flaw in Windows Server Update Service Microsoft released an […]

The post CISA Alerts on Active Exploitation of WSUS Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

В Госдуме заговорили об ограничениях для коммерческих компаний.

Currently trending CVE - Hype Score: 2 - On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented. Due to this misconfiguration, ...

A vulnerability has been found in Linux Kernel up to 6.17.2 and classified as critical. This issue affects the function crypto_acomp_streams of the component crypto. This manipulation causes allocation of resources. This vulnerability is registered as CVE-2025-40063. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.155/6.6.111/6.12.52/6.17.2. The impacted element is the function qm_diff_regs of the component crypto. This manipulation causes improper initialization. This vulnerability is handled as CVE-2025-40062. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.52/6.17.2 and classified as critical. This affects the function ecap_slads of the component iommu. Executing manipulation can lead to state issue. This vulnerability is registered as CVE-2025-40058. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2. The affected element is the function etm_setup_aux of the component TRBE Driver. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-40060. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.12.52/6.17.2. Impacted is the function devm_kzalloc of the component coresight. The manipulation of the argument return leads to unchecked return value. This vulnerability is traded as CVE-2025-40059. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.155/6.6.111/6.12.52/6.17.2. It has been rated as critical. This vulnerability affects the function copy_to_iter of the component vhost. Performing manipulation of the argument return results in unchecked return value. This vulnerability is reported as CVE-2025-40056. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.52/6.17.2. This issue affects the function max_vclocks of the component ptp. Executing manipulation of the argument max can lead to privilege escalation. This vulnerability appears as CVE-2025-40057. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

У владельцев HTTP-ресурсов остаётся ровно год на подготовку.

78% of organizations were hit by an email breach in the past 12 months, according to the Email Security Breach Report 2025 by Barracuda. Phishing, impersonation, and account takeover continue to drive incidents that often lead to ransomware and data loss. Breaches are widespread and interconnected Phishing and spear phishing were the most common breach types, followed by business email compromise and account takeover. These attacks often overlap. A single phishing email can expose credentials … More →

The post Email breaches are the silent killers of business growth appeared first on Help Net Security.