Aggregator

CVE-2025-40060 | Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2 TRBE Driver etm_setup_aux null pointer dereference (Nessus ID 271889 / WID-SEC-2025-2431)

Vuldb Updates
2 weeks ago
A vulnerability labeled as critical has been found in Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2. The affected element is the function etm_setup_aux of the component TRBE Driver. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-40060. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2025-40059 | Linux Kernel up to 6.12.52/6.17.2 coresight devm_kzalloc return return value (Nessus ID 271886 / WID-SEC-2025-2431)

Vuldb Updates
2 weeks ago
A vulnerability identified as critical has been detected in Linux Kernel up to 6.12.52/6.17.2. Impacted is the function devm_kzalloc of the component coresight. The manipulation of the argument return leads to unchecked return value. This vulnerability is traded as CVE-2025-40059. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-40056 | Linux Kernel up to 6.1.155/6.6.111/6.12.52/6.17.2 vhost copy_to_iter return return value (Nessus ID 271918 / WID-SEC-2025-2431)

Vuldb Updates
2 weeks ago
A vulnerability was found in Linux Kernel up to 6.1.155/6.6.111/6.12.52/6.17.2. It has been rated as critical. This vulnerability affects the function copy_to_iter of the component vhost. Performing manipulation of the argument return results in unchecked return value. This vulnerability is reported as CVE-2025-40056. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2025-40057 | Linux Kernel up to 6.12.52/6.17.2 ptp max_vclocks max privilege escalation (Nessus ID 271907 / WID-SEC-2025-2431)

Vuldb Updates
2 weeks ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.52/6.17.2. This issue affects the function max_vclocks of the component ptp. Executing manipulation of the argument max can lead to privilege escalation. This vulnerability appears as CVE-2025-40057. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

Email breaches are the silent killers of business growth

Help Net Security
2 weeks ago

78% of organizations were hit by an email breach in the past 12 months, according to the Email Security Breach Report 2025 by Barracuda. Phishing, impersonation, and account takeover continue to drive incidents that often lead to ransomware and data loss. Breaches are widespread and interconnected Phishing and spear phishing were the most common breach types, followed by business email compromise and account takeover. These attacks often overlap. A single phishing email can expose credentials … More →

The post Email breaches are the silent killers of business growth appeared first on Help Net Security.

Anamarija Pogorelec

ZDI-CAN-28212: Flowise

ZDI: Upcoming Advisories
2 weeks ago
A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of Trend Research' was reported to the affected vendor on: 2025-10-30, 14 days ago. The vendor is given until 2026-02-27 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

SUSE Linux Enterprise Server 16 puts AI in the operating system

Help Net Security
2 weeks ago

SUSE has released SUSE Linux Enterprise Server (SLES) 16, calling it AI-ready and built for long-term use. The release marks the first major update in the Enterprise Server line in more than five years and signals a new direction for how Linux might integrate with AI tools in the future. A Linux built for the next decade SLES 16 is the company’s first release built on its new Adaptable Linux Platform. It’s designed for the … More →

The post SUSE Linux Enterprise Server 16 puts AI in the operating system appeared first on Help Net Security.

Sinisa Markovic

CVE-2025-40054 | Linux Kernel up to 6.17.2 f2fs f2fs_merge_page_bio use after free (WID-SEC-2025-2431)

Vuldb Updates
2 weeks ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.17.2. The affected element is the function f2fs_merge_page_bio of the component f2fs. Such manipulation leads to use after free. This vulnerability is listed as CVE-2025-40054. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2025-40055 | Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2 ocfs2 user_cluster_connect double free (WID-SEC-2025-2431)

Vuldb Updates
2 weeks ago
A vulnerability has been found in Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2 and classified as critical. The impacted element is the function user_cluster_connect of the component ocfs2. Performing manipulation results in double free. This vulnerability is cataloged as CVE-2025-40055. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-40051 | Linux Kernel up to 6.1.155/6.6.111/6.12.52/6.17.2 vhost copy_from_iter return value (Nessus ID 271910 / WID-SEC-2025-2431)

Vuldb Updates
2 weeks ago
A vulnerability was found in Linux Kernel up to 6.1.155/6.6.111/6.12.52/6.17.2. It has been classified as critical. Affected by this issue is the function copy_from_iter of the component vhost. This manipulation causes unchecked return value. This vulnerability is registered as CVE-2025-40051. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-40053 | Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2 net netdev_alloc_skb_ip_align null pointer dereference (Nessus ID 271901 / WID-SEC-2025-2431)

Vuldb Updates
2 weeks ago
A vulnerability was found in Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2. It has been declared as critical. This affects the function netdev_alloc_skb_ip_align of the component net. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-40053. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-40052 | Linux Kernel up to 6.6.111/6.12.52/6.17.2 Crypto API smb2ops.c cifs_sg_set_buf sensitive_size privilege escalation (Nessus ID 271900 / WID-SEC-2025-2431)

Vuldb Updates
2 weeks ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.111/6.12.52/6.17.2. Impacted is the function cifs_sg_set_buf of the file smb2ops.c of the component Crypto API. This manipulation of the argument sensitive_size causes privilege escalation. This vulnerability is tracked as CVE-2025-40052. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-54546 | Arista DANZ Monitoring Fabric SSH Port Forwarding permission assignment (EUVD-2025-36727)

Vuldb Updates
2 weeks ago
A vulnerability classified as problematic was found in Arista DANZ Monitoring Fabric up to CCF 6.2.4/CVA 7.0/DMF 8.5.2/DMF 8.6.1/MCD 2.4.0. This impacts an unknown function of the component SSH Port Forwarding Handler. Executing manipulation can lead to incorrect permission assignment. This vulnerability is handled as CVE-2025-54546. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2025-54545 | Arista DANZ Monitoring Fabric CLI Sandbox permission assignment (EUVD-2025-36728)

Vuldb Updates
2 weeks ago
A vulnerability, which was classified as critical, has been found in Arista DANZ Monitoring Fabric up to CCF 6.2.4/CVA 7.0/DMF 8.5.2/DMF 8.6.1/MCD 2.4.0. Affected is an unknown function of the component CLI Sandbox. The manipulation leads to incorrect permission assignment. This vulnerability is uniquely identified as CVE-2025-54545. Local access is required to approach this attack. No exploit exists.
vuldb.com

CVE-2025-40049 | Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2 open_by_handle_at uninitialized variable (Nessus ID 271899 / WID-SEC-2025-2431)

Vuldb Updates
2 weeks ago
A vulnerability classified as critical has been found in Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2. This vulnerability affects the function open_by_handle_at. The manipulation leads to use of uninitialized variable. This vulnerability is referenced as CVE-2025-40049. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-40046 | Linux Kernel up to 6.17.2 io_zcrx_recv_skb buffer overflow (Nessus ID 271919 / WID-SEC-2025-2431)

Vuldb Updates
2 weeks ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.17.2. Affected by this issue is the function io_zcrx_recv_skb. Performing manipulation results in buffer overflow. This vulnerability was named CVE-2025-40046. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

Managed ad