Aggregator

This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all.

A vulnerability was found in Linux Kernel up to 6.16.7/6.17-rc5. It has been rated as critical. Affected is the function truncate_folio_batch_exceptionals of the component erofs. The manipulation leads to infinite loop. This vulnerability is uniquely identified as CVE-2025-39868. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.18.2. Affected is the function of_parse_phandle. Such manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2022-49421. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.17.13/5.18.2. It has been declared as critical. This affects an unknown function of the component iwlwifi. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2022-49417. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.2 and classified as critical. The affected element is the function of_parse_phandle. Executing a manipulation can lead to improper update of reference count. This vulnerability appears as CVE-2022-49415. The attacker needs to be present on the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.4.276/5.10.120/5.15.45/5.17.13/5.18.2. This affects the function __es_tree_search of the file fs/ext4/extents_status.c. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2022-49409. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. This vulnerability is reported as CVE-2026-2535. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. This vulnerability appears as CVE-2026-2536. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as critical, was found in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. This vulnerability is traded as CVE-2026-2537. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026. "Use after

Автоматическое тестирование внезапно «уронило» софт для большой науки.

Smart home devices in many homes collect audio, video, and location data. The apps that control those devices often focus on the account owner, even when the technology also captures guests, neighbors, and other people who never agreed to be monitored. New research examined whether Chinese smart home apps provide privacy protections for these bystanders. The study reviewed 49 apps available in Apple’s App Store in mainland China and found consistent gaps in bystander privacy, … More →

The post Apple privacy labels often don’t match what Chinese smart home apps do appeared first on Help Net Security.

Рынок рабов и интимных услуг в Telegram вырос на 85% и полностью перешел на криптовалюту.

GitHub Security Advisories are used to distribute vulnerability information in open-source projects and security tools. A new study finds that only a portion of those advisories ever pass through GitHub’s formal review process. A large scale view of advisory data A review of GitHub Security Advisories published between 2019 and 2025 examined 288,604 advisories. Of those, 23,563, about 8%, completed GitHub’s review process. Although most advisories remain unreviewed, reviewed entries play an outsized role in … More →

The post In GitHub’s advisory pipeline, some advisories move faster than others appeared first on Help Net Security.

In this Help Net Security video, Tod Beardsley, VP of Security Research at runZero, explains what CISA’s Known Exploited Vulnerabilities (KEV) Catalog is and how security teams should use it. He shares his perspective as a former section chief for KEV at CISA and breaks down common misunderstandings about what the list represents. He points out that not every KEV item is equally urgent. Some vulnerabilities require local access or existing privileges, while others allow … More →

The post Don’t panic over CISA’s KEV list, use it smarter appeared first on Help Net Security.

感谢慢雾区白帽 wowo 的投稿。

260 тысяч человек попались на удочку поддельных ИИ-помощников.

In this episode, we discuss two major tech stories impacting privacy and security. First, we analyze Ring’s new AI-powered ‘Search Party’ feature and its controversial Super Bowl ad that sparked privacy concerns. We then transition to a breaking story about a zero-click remote code execution flaw in the Claude Desktop, highlighting the potential risks of […]

The post Ring’s Search Party ‘Dystopia’ Debate & Claude Zero-Click RCE Vulnerability appeared first on Shared Security Podcast.

The post Ring’s Search Party ‘Dystopia’ Debate & Claude Zero-Click RCE Vulnerability appeared first on Security Boulevard.

A growing number of homelab builders and small server operators are testing an open source operating system that combines basic server management, storage control, and container services under a web interface. MOS is a free modular OS built on a Devuan base that provides a web UI and API for system monitoring, storage pooling, container orchestration, and virtualization. Web UI and API for server and homelab management MOS presents a browser-accessible dashboard that gives status … More →

The post MOS: Open-source modular OS for servers and homelabs appeared first on Help Net Security.

前几天跟几个朋友聊天，说到一个为什么南北方小年不是同一天的民间传说，我突然想起来小时候我还帮忙整理过一个民间传说的书，回家找了一下果然找到了。 这是濮阳县文化馆当年的一个活动，对各种民间传说、戏曲等进行整理，90年出版的，当时我上初中，每天放学回家就帮忙校对文稿，也参与一些故事的记录。包括姥姥讲的一些民间故事，印象比较深的是王二麻子系列故事（有点像新疆的阿凡提），还有她讲的《女儿经》，这些故事估计现在的孩子都没有听说过了。 #民间传说故事 #濮阳县民间文学