Aggregator

CVE-2025-68780 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 cpudl_find state issue (Nessus ID 298404)

1 week ago

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. Impacted is the function cpudl_find. The manipulation leads to state issue. This vulnerability is documented as CVE-2025-68780. The attack requires being on the local network. There is not any exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-68778 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 btrfs_log_new_name reference count (Nessus ID 298404)

Vuldb Updates

1 week ago

A vulnerability has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 and classified as critical. Affected by this vulnerability is the function btrfs_log_new_name. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2025-68778. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

vuldb.com

CVE-2025-68777 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 ti_am335x_tsc off-by-one (Nessus ID 298404)

Vuldb Updates

1 week ago

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. This issue affects the function ti_am335x_tsc. This manipulation causes off-by-one. This vulnerability appears as CVE-2025-68777. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-68776 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 prp_get_untagged_frame null pointer dereference (Nessus ID 298404)

Vuldb Updates

1 week ago

A vulnerability classified as critical was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. Impacted is the function prp_get_untagged_frame. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-68776. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

vuldb.com

CVE-2025-68773 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 spi buffer overflow (Nessus ID 298404)

Vuldb Updates

1 week ago

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. This issue affects some unknown processing of the component spi. The manipulation results in buffer overflow. This vulnerability was named CVE-2025-68773. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

vuldb.com

利用360驱动阻断EDR网络连接

41group

1 week ago

闲来无事发个水文，记录一下特殊情况下分析360安全卫士过程中觉得可以公开的一个点。在对 `360netmon

[Control systems] Siemens security advisory (AV26-106)

CCCS - Alerts and advisories

1 week ago

Canadian Centre for Cyber Security

CVE-2023-45554 | ZZZCMS 2.1.9 imageext unrestricted upload (EUVD-2023-49846)

Vuldb Updates

1 week ago

A vulnerability, which was classified as critical, was found in ZZZCMS 2.1.9. Affected by this issue is some unknown functionality. Such manipulation of the argument imageext leads to unrestricted upload. This vulnerability is documented as CVE-2023-45554. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2023-45555 | ZZZCMS 2.1.9 zzz.php down_url unrestricted upload (EUVD-2023-49847)

Vuldb Updates

1 week ago

A vulnerability was found in ZZZCMS 2.1.9. It has been classified as critical. This issue affects the function down_url of the file zzz.php. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2023-45555. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2023-45556 | MyBB 1.8.33 Theme Management Theme Name cross site scripting (GHSA-4xqm-3cm2-5xgf / EUVD-2023-49848)

Vuldb Updates

1 week ago

A vulnerability, which was classified as problematic, was found in MyBB 1.8.33. This affects an unknown function of the component Theme Management. Executing a manipulation of the argument Theme Name can lead to cross site scripting. This vulnerability is tracked as CVE-2023-45556. The attack can be launched remotely. No exploit exists.

vuldb.com

FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands

Cyber Security News

1 week ago

Fortinet has disclosed a high-severity cross-site scripting (XSS) vulnerability in its FortiSandbox platform, tracked as CVE-2025-52436 (FG-IR-25-093), that enables unauthenticated attackers to execute arbitrary commands on affected systems. Dubbed an “Improper Neutralization of Input During Web Page Generation” issue (CWE-79), the flaw resides in the graphical user interface (GUI) component and scores a 7.9. At […]

The post FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands appeared first on Cyber Security News.

Guru Baran

Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)

Dark Web Informer - Cyber Threat Intelligence

1 week ago

Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)

Dark Web Informer

Паспортный стол в Discord. Геймеров заставят подтверждать личность под угрозой ограничений

Securitylab.ru

1 week ago

Discord вводит принудительную верификацию возраста для всех.

Volvo Group North America customer data exposed in Conduent hack

Bleeping Computer.

1 week ago

Volvo Group North America disclosed that it suffered an indirect data breach stemming from the compromise of IT systems at American business services giant Conduent, of which Volvo is a customer. [...]

Bill Toulas

Microsoft rolls out new Secure Boot certificates before June expiration

Bleeping Computer.

1 week ago

Microsoft has begun rolling out updated Secure Boot certificates through monthly Windows updates to replace the original 2011 certificates that will expire in late June 2026. [...]

Sergiu Gatlan

Nitrogen

Dark Feed IO

1 week ago

You must login to view this content

cohenido

Take back control: A modern guide to mastering application control

The Red Canary Blog: Information Security Insights

1 week ago

Learn how a robust app control policy can have a meaningful, measurable impact on your organization’s security posture.

Matt Graeber

Threat Hunting Is Critical to SOC Maturity but Often Misses Real Attacks

Cyber Security News

1 week ago

High-performing SOC teams are increasingly turning to sandbox-derived threat intelligence to make threat hunting repeatable and impactful. Tools like ANY.RUN’s TI Lookup enables faster hunts grounded in real attacker behaviours from millions of analyses. Threat hunting remains a cornerstone of mature Security Operations Centers (SOCs), aiming to detect stealthy adversaries before they cause damage. However, […]

The post Threat Hunting Is Critical to SOC Maturity but Often Misses Real Attacks appeared first on Cyber Security News.

Balaji N

FortiOS Authentication Bypass Vulnerability Lets Attackers Bypass LDAP Authentication

Cyber Security News

1 week ago

Fortinet has disclosed a high-severity authentication bypass vulnerability in FortiOS, tracked as CVE-2026-22153 (FG-IR-25-1052), that could allow unauthenticated attackers to sidestep LDAP authentication for Agentless VPN or Fortinet Single Sign-On (FSSO) policies. Classified under CWE-305 (Authentication Bypass by Primary Weakness), the flaw resides in the fnbamd daemon and requires specific LDAP server configurations enabling unauthenticated […]

The post FortiOS Authentication Bypass Vulnerability Lets Attackers Bypass LDAP Authentication appeared first on Cyber Security News.

Guru Baran

Смена длиной в вечность. Новый гуманоид меняет батареи на ходу, чтобы работать 24/7 без перекуров

Securitylab.ru

1 week ago

175 см роста, 70 кг веса, 40 суставов — Mentee Bot V3.1 готов заменить армию грузчиков.

Aggregator

Managed ad