Aggregator
Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)
1 year 1 month ago
CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file uploads and code execution. The vulnerability was initially leveraged in zero-day attacks spotted by ReliaQuest researchers, who reported them to SAP. The software company confirmed that the attackers have been leveraging a new vulnerability; released an emergency patch on April 24; and urged organizations to upgrade to implement it and check whether …
The post Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) appeared first on Help Net Security.
Zeljka Zorz
How safe and secure is your iPhone really?
1 year 1 month ago
Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.
GitLab urgently releases patches for multiple versions, fixing high-severity security vulnerabilities
1 year 1 month ago
安全客
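Malicious MCP analysis: covert poisoning and manipulation in the MCP ecosystem
1 year 1 month ago
Starting from hands-on MCP attack and defense practice, begin an in-depth journey into understanding MCP risks and defensive thinking.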
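[Vulnerability Advisory] Craft CMS remote code execution vulnerability (CVE-2025-32432)
1 year 1 month ago
On April 28, 2025, the 深瞳 Vulnerability Lab detected a report of a code execution vulnerability in the Pixel & Tonic Craft CMS component. Vulnerability ID: CVE-2025-32432. Threat level: critical.
[Vulnerability Advisory] SAP NetWeaver remote code execution vulnerability (CVE-2025-31324)
1 year 1 month ago
On April 28, 2025, the 深瞳 Vulnerability Lab detected a report of a code execution vulnerability in the SAP NetWeaver component. Vulnerability ID: CVE-2025-31324. Threat level: critical.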
PoC rootkit Curing evades traditional Linux detection systems
1 year 1 month ago
Researchers created a PoC rootkit called Curing that uses Linux’s io_uring feature to evade traditional system call monitoring. Armo researchers have demonstrated a proof-of-concept (PoC) rootkit named Curing that relies on the Linux asynchronous I/O mechanism io_uring to bypass traditional system call monitoring. “Curing is a POC of a rootkit that uses io_uring to perform different tasks without using any syscalls, […]
Pierluigi Paganini
Cisco issues major security alert: multiple products face remote code execution risk due to SSH vulnerability
1 year 1 month ago
安全客
CVE-2022-40959 | Mozilla Thunderbird up to 102.2 initialization (Nessus ID 208611)
1 year 1 month ago
A vulnerability, which was classified as critical, has been found in Mozilla Thunderbird up to 102.2. Affected by this issue is some unknown functionality. The manipulation leads to improper initialization.
This vulnerability is handled as CVE-2022-40959. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-40960 | Mozilla Thunderbird up to 102.2 URL Parser use after free (Nessus ID 208611)
1 year 1 month ago
A vulnerability, which was classified as problematic, was found in Mozilla Thunderbird up to 102.2. This affects an unknown part of the component URL Parser. The manipulation leads to use after free.
This vulnerability is uniquely identified as CVE-2022-40960. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-40958 | Mozilla Thunderbird up to 102.2 session fixation (Nessus ID 208611)
1 year 1 month ago
A vulnerability classified as critical was found in Mozilla Thunderbird up to 102.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixation.
This vulnerability is known as CVE-2022-40958. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-42927 | Mozilla Thunderbird up to 102.3 getEntries cross-domain policy (Nessus ID 208577)
1 year 1 month ago
A vulnerability has been found in Mozilla Thunderbird up to 102.3 and classified as critical. This vulnerability affects the function getEntries. The manipulation leads to permissive cross-domain policy with untrusted domains.
This vulnerability was named CVE-2022-42927. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-42928 | Mozilla Thunderbird up to 102.3 Garbage Collector memory corruption (Nessus ID 208577)
1 year 1 month ago
A vulnerability was found in Mozilla Thunderbird up to 102.3 and classified as critical. This issue affects some unknown processing of the component Garbage Collector. The manipulation leads to memory corruption.
The identification of this vulnerability is CVE-2022-42928. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-42929 | Mozilla Thunderbird up to 102.3 denial of service (Nessus ID 208577)
1 year 1 month ago
A vulnerability was found in Mozilla Thunderbird up to 102.3. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2022-42929. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Sensitive information disclosure achieved by exploiting CORS
1 year 1 month ago
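Xi Jinping: Adhere to self-reliance and self-improvement, emphasize an application orientation, and promote the healthy and orderly development of artificial intelligence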
1 year 1 month ago