Aggregator

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. Affected by this vulnerability is the function mlx5_esw_bridge_lag_rep_get. Performing a manipulation results in improper initialization. This vulnerability is cataloged as CVE-2025-21970. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. Affected is the function hdcp_work of the component AMD Display. Such manipulation leads to use after free. This vulnerability is listed as CVE-2025-21968. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical was found in simsong tcpflow up to 1.61. The affected element is the function handle_beacon of the component wifipcap. Such manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2026-25061. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as critical has been found in Linux Kernel up to 5.14.15. The affected element is an unknown function of the component qib. Performing a manipulation of the argument qib_user_sdma_pkt results in buffer overflow. This vulnerability is reported as CVE-2021-47485. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

Как выглядит интернет, когда его главным пользователем становится не человек, а алгоритм.

As federal and state governments extend their lists of banned foreign technologies, where is this trend heading next? Is your home network safe for work use?

The post After TikTok: Navigating the Complex Web of Foreign Tech Bans appeared first on Security Boulevard.

漏洞来源一个满评分漏洞漏洞描述enclave-vm 是一个基于 Node.js 的 JavaScript 沙箱工具，专为运行 AI 代理代码设计，目标是：隔离不可信的用户代码，在受限环境中执行 JavaScript，防止恶意代码访问文件系统、网络等敏感资源。它使用了 Node.js 的 VM 模块 或类似的机制构建隔离环境，但依赖于 JavaScript 的原型链和对象继承机制。在 enclave

A vulnerability categorized as problematic has been discovered in phpkobo AjaxNewTicker 1.0.5. The affected element is an unknown function of the file index.php. Such manipulation of the argument cmd leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-41453. The attack can be launched remotely. No exploit exists.

A vulnerability was found in phpkobo AjaxNewTicker 1.0.5. It has been declared as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument txt results in cross site scripting. This vulnerability is known as CVE-2023-41451. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in phpkobo AjaxNewTicker 1.0.5. It has been rated as problematic. Impacted is an unknown function of the file index.php. This manipulation of the argument txt causes cross-site request forgery. This vulnerability is handled as CVE-2023-41452. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as critical has been identified in phpkobo AjaxNewsTicker 1.0.5. Affected is an unknown function. The manipulation of the argument reque results in code injection. This vulnerability is identified as CVE-2023-41450. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in phpkobo AjaxNewTicker 1.0.5. It has been classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument ID leads to cross site scripting. This vulnerability is traded as CVE-2023-41448. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability marked as critical has been reported in phpkobo AjaxNewsTicker 1.0.5. This impacts an unknown function. The manipulation of the argument reque leads to server-side request forgery. This vulnerability is referenced as CVE-2023-41449. Remote exploitation of the attack is possible. No exploit is available.

Киберпреступники теперь знают, где находится каждый корпоративный смартфон.

攻击者不需要破解模型、不需要对抗训练，只需要找到上下文污染的入口，就能让Agent自己执行攻击。

JWT密钥硬编码+JDBC URL参数未过滤，导致未授权任意文件读取及RCE漏洞。

漏洞来源漏洞描述vLLM 是一个用于大型语言模型 (LLM) 的推理和服务引擎。在 0.10.2 到 0.11.1 版本之前，其补全 API 端点存在一个内存损坏漏洞，可能导致程序崩溃（拒绝服务攻击）甚至远程代码执行 (RCE)。该漏洞在处理用户提供的提示嵌入时，使用 `torch.load()` 加载序列化张量，但缺乏充分的验证。由于 PyTorch 2.8.0 引入的一项变更，稀疏张量完整性检

LLM安全护栏攻防对抗

Name: Eschaton CTF 2026 Quals (an Eschaton CTF event.)
Date: Jan. 31, 2026, 4:30 a.m. — 01 Feb. 2026, 04:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://esch26.mcsc.space/
Rating weight: 23.42
Event organizers: Team MCSC

Name: PascalCTF 2026 (an PascalCTF event.)
Date: Jan. 31, 2026, 8 a.m. — 01 Feb. 2026, 08:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.pascalctf.it/
Rating weight: 23.94
Event organizers: Paolo