Aggregator

CVE-2025-20080 | Intel AMT/Standard Manageability null pointer dereference (intel-sa-01315)

1 week ago

A vulnerability identified as problematic has been detected in Intel AMT and Standard Manageability. Impacted is an unknown function. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-20080. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

SAP security advisory – February 2026 monthly rollup (AV26-107)

CCCS - Alerts and advisories

1 week ago

Canadian Centre for Cyber Security

【提示词注入】AI 安全护栏场景下的绕过实战

先知技术社区

1 week ago

AI 安全护栏并非绝对安全，其本质仍是一个判别系统。在复杂真实场景中，攻击者可以通过构造特定输入或诱导输出，使模型行为偏离设计预期，从而形成潜在绕过风险。

AI 下红队安全工具开发及对接（大模型+MCP）实践

先知技术社区

1 week ago

本文主要是讲 AI 时代下的红队安全工具的开发，以及如何把安全工具接到大语言模型里。涉及到 MCP 客户端的结合，分布式的 MSF 的命令的执行，如何独立的 session 管理，代码优化的思路及调试等内容。以红队安全工具开发的细节处理为初始点，让初学者也能玩转 MCP。

CVE-2025-68780 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 cpudl_find state issue (Nessus ID 298404)

Vuldb Updates

1 week ago

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. Impacted is the function cpudl_find. The manipulation leads to state issue. This vulnerability is documented as CVE-2025-68780. The attack requires being on the local network. There is not any exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-68778 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 btrfs_log_new_name reference count (Nessus ID 298404)

Vuldb Updates

1 week ago

A vulnerability has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 and classified as critical. Affected by this vulnerability is the function btrfs_log_new_name. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2025-68778. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

vuldb.com

CVE-2025-68777 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 ti_am335x_tsc off-by-one (Nessus ID 298404)

Vuldb Updates

1 week ago

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. This issue affects the function ti_am335x_tsc. This manipulation causes off-by-one. This vulnerability appears as CVE-2025-68777. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-68776 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 prp_get_untagged_frame null pointer dereference (Nessus ID 298404)

Vuldb Updates

1 week ago

A vulnerability classified as critical was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. Impacted is the function prp_get_untagged_frame. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-68776. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

vuldb.com

CVE-2025-68773 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 spi buffer overflow (Nessus ID 298404)

Vuldb Updates

1 week ago

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. This issue affects some unknown processing of the component spi. The manipulation results in buffer overflow. This vulnerability was named CVE-2025-68773. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

vuldb.com

利用360驱动阻断EDR网络连接

41group

1 week ago

闲来无事发个水文，记录一下特殊情况下分析360安全卫士过程中觉得可以公开的一个点。在对 `360netmon

[Control systems] Siemens security advisory (AV26-106)

CCCS - Alerts and advisories

1 week ago

Canadian Centre for Cyber Security

CVE-2023-45554 | ZZZCMS 2.1.9 imageext unrestricted upload (EUVD-2023-49846)

Vuldb Updates

1 week ago

A vulnerability, which was classified as critical, was found in ZZZCMS 2.1.9. Affected by this issue is some unknown functionality. Such manipulation of the argument imageext leads to unrestricted upload. This vulnerability is documented as CVE-2023-45554. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2023-45555 | ZZZCMS 2.1.9 zzz.php down_url unrestricted upload (EUVD-2023-49847)

Vuldb Updates

1 week ago

A vulnerability was found in ZZZCMS 2.1.9. It has been classified as critical. This issue affects the function down_url of the file zzz.php. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2023-45555. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2023-45556 | MyBB 1.8.33 Theme Management Theme Name cross site scripting (GHSA-4xqm-3cm2-5xgf / EUVD-2023-49848)

Vuldb Updates

1 week ago

A vulnerability, which was classified as problematic, was found in MyBB 1.8.33. This affects an unknown function of the component Theme Management. Executing a manipulation of the argument Theme Name can lead to cross site scripting. This vulnerability is tracked as CVE-2023-45556. The attack can be launched remotely. No exploit exists.

vuldb.com

FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands

Cyber Security News

1 week ago

Fortinet has disclosed a high-severity cross-site scripting (XSS) vulnerability in its FortiSandbox platform, tracked as CVE-2025-52436 (FG-IR-25-093), that enables unauthenticated attackers to execute arbitrary commands on affected systems. Dubbed an “Improper Neutralization of Input During Web Page Generation” issue (CWE-79), the flaw resides in the graphical user interface (GUI) component and scores a 7.9. At […]

The post FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands appeared first on Cyber Security News.

Guru Baran

Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)

Dark Web Informer - Cyber Threat Intelligence

1 week ago

Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)

Dark Web Informer

Паспортный стол в Discord. Геймеров заставят подтверждать личность под угрозой ограничений

Securitylab.ru

1 week ago

Discord вводит принудительную верификацию возраста для всех.

Volvo Group North America customer data exposed in Conduent hack

Bleeping Computer.

1 week ago

Volvo Group North America disclosed that it suffered an indirect data breach stemming from the compromise of IT systems at American business services giant Conduent, of which Volvo is a customer. [...]

Bill Toulas

Microsoft rolls out new Secure Boot certificates before June expiration

Bleeping Computer.

1 week ago

Microsoft has begun rolling out updated Secure Boot certificates through monthly Windows updates to replace the original 2011 certificates that will expire in late June 2026. [...]

Sergiu Gatlan

Nitrogen

Dark Feed IO

1 week ago

You must login to view this content

cohenido

Aggregator

Managed ad