Aggregator

A vulnerability has been found in Linux Kernel up to 6.12.43/6.16.3/6.17-rc2 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to privilege escalation. This vulnerability is listed as CVE-2025-39695. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.148/6.6.102/6.12.43/6.16.3/6.17-rc2. It has been declared as critical. Impacted is the function ksmbd_rdma_stop_listening. Performing manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2025-39692. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability has been found in Linux Kernel up to 6.1.148/6.6.102/6.12.43/6.16.3/6.17-rc2 and classified as critical. This impacts the function shutdown of the component gve. Executing manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2025-38735. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.17-rc2. Affected by this vulnerability is the function request_irq. Executing manipulation can lead to out-of-bounds read. The identification of this vulnerability is CVE-2025-39685. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, was found in Google Android 16. The impacted element is an unknown function of the component libxml2. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-26434. An attack has to be approached locally. There is no exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.17-rc2. This vulnerability affects unknown code in the library include/linux/skbuff.h of the component netfilter. Performing manipulation results in improper update of reference count. This vulnerability is known as CVE-2025-38732. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.17-rc2. It has been classified as critical. This affects the function br_dev_queue_push_xmit of the file net/core/skbuff.c. This manipulation causes injection. This vulnerability is registered as CVE-2025-39703. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.148/6.6.102/6.12.43/6.16.3 and classified as critical. Affected by this vulnerability is the function bno055_get_regmask of the file bno055.c of the component iio. The manipulation of the argument hw_xlate_len leads to out-of-bounds read. This vulnerability is traded as CVE-2025-39719. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

谷歌允许通过ADB方式侧载未经认证的应用程序，并将于明年逐步实施开发者签名验证以确保安全性。该政策旨在防止恶意软件传播，并为开发者和爱好者保留调试功能。

A vulnerability categorized as problematic has been discovered in JBoss KeyCloak. Affected by this vulnerability is the function lowerCaseHostname. Such manipulation leads to open redirect. This vulnerability is listed as CVE-2023-6291. The attack may be performed from remote. There is no available exploit. A patch should be applied to remediate this issue.

A vulnerability identified as problematic has been detected in Red Hat Keycloak and Single Sign-On. Affected by this vulnerability is an unknown functionality of the component HTTP Response Handler. Performing manipulation of the argument KC_RESTART results in information disclosure. This vulnerability is reported as CVE-2024-4540. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in Red Hat Keycloak, JBoss Enterprise Application Platform and Single Sign-On. Affected is an unknown function of the component Bruteforce protection. Executing manipulation can lead to improper enforcement of a single, unique action. This vulnerability appears as CVE-2024-4629. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as critical was found in Red Hat Keycloak and Single Sign-On 7. Impacted is an unknown function of the component Connection URL Handler. The manipulation results in incorrect default permissions. This vulnerability was named CVE-2024-5967. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in itsourcecode POS Point of Sale System 1.0 and classified as problematic. Impacted is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_th.php. This manipulation of the argument scripts causes cross site scripting. This vulnerability is tracked as CVE-2025-10065. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in itsourcecode POS Point of Sale System 1.0 and classified as problematic. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument scripts leads to cross site scripting. This vulnerability is listed as CVE-2025-10066. The attack may be performed from remote. In addition, an exploit is available.

Minino is an original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT (Internet of Things)

The post Minino: The “Mini Swiss Army Knife” for IoT Hacking appeared first on Penetration Testing Tools.

人工智能公司Anthropic因使用数百万本盗版书籍训练模型被起诉，并同意支付15亿美元赔偿金。高管明知违规仍允许员工下载盗版内容将被单独起诉，案件将于12月审理。

Kaspersky Lab has published its first comprehensive technical analysis of cyber groups most actively targeting Russian organizations. The

The post Kaspersky Details 14 Cyber Groups Actively Attacking Russian Organizations appeared first on Penetration Testing Tools.

Microsoft has officially released the source code of its very first version of BASIC for the MOS 6502

The post Microsoft Open-Sources Its Historic BASIC for the 6502 Processor appeared first on Penetration Testing Tools.

Google has unveiled the new stable release of Chrome 140, accompanied by the open-source Chromium, which serves as

The post Chrome 140’s New Features Are All About Privacy appeared first on Penetration Testing Tools.