Aggregator
CVE-2025-68615 | net-snmp up to 5.9.4/5.10.pre1 snmptrapd memory corruption (GHSA-4389-rwqf-q9gq / EUVD-2025-204779)
CVE-2023-38915 | Wolf-leo EasyAdmin8 1.0 unrestricted upload (EUVD-2023-42675)
CVE-2023-38910 | CSZ CMS 1.3.0 Carousel Wiget cross site scripting (EUVD-2023-42670)
CVE-2023-38911 | CSZ CMS 1.3.0 YouTube URL Field Gallery cross site scripting (EUVD-2023-42671)
CVE-2023-38912 | Super Store Finder 3.6 Username sql injection (ID 173302 / EUVD-2023-42672)
CVE-2025-67269 | gpsd gpsd/packet.c nextstate integer underflow (Nessus ID 281614 / WID-SEC-2026-0138)
CVE-2025-46397 | xfig fig2dev 3.2.9a bezier_spline stack-based overflow (ID 192 / EUVD-2025-12159)
CVE-2023-38904 | Netlify CMS 2.10.192 the body cross site scripting (Exploit 51576 / EUVD-2023-42665)
CVE-2025-67268 | ntpsec gpsd prior 3.27.1 driver_nmea2000.c hnd_129540 out-of-bounds write (Nessus ID 281617 / WID-SEC-2026-0138)
One QR code: access to camera, microphone and geolocation. A new WhatsApp campaign turns the phone into a spying device
One sentence gets AI to generate editable hand-drawn-style diagrams! This open-source project has me hooked | AI New Releases
Pwn2Own Automotive 2026 - The Full Schedule
おかえりなさい (Welcome back!) The third annual Pwn2Own Automotive competition has returned to Automotive World in Tokyo, and the excitement is building. This year marks a major milestone for Pwn2Own, with a record 73 entries. We’ve brought together some of the world’s most talented security researchers to take on the latest automotive components, pushing them to their limits in a real-world testing environment.
Earlier today, we held the random drawing to determine the order of attempts, setting the stage for an exciting lineup of demonstrations and discoveries. Below is the official schedule based on that draw. All times are listed in Tokyo local time and may change as the competition progresses - updates will be posted as the event unfolds.
In case you missed it, you can watch the draw here.
Day One
Wednesday, January 21 – 1100
Team Hacking Group targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Neodyme AG (@Neodyme) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting ChargePoint Home Flex (Model CPH50-K) in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Taejin Kim (@_tae3_), Junsu Yeo (@junactually), Sunmin Park (@sunminpark4503), Sungmin Son (@_ssm98), Hoseok Lee of SKShieldus (@EQSTLab) of 299 targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Wednesday, January 21 – 1200
PetoWorks (@petoworks) targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Wednesday, January 21 – 1230
Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Synacktiv (@synacktiv) targeting Sony XAV-9500ES in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Wednesday, January 21 – 1400
Yannik Marchand (@kinnay) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Hyunseok Yun, Heaeun Moon, Eungyo Seo of CIS targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Synacktiv (@synacktiv) targeting Infotainment USB-based Attack in the Tesla Infotainment category for a total of $35,000 and 3.5 Master of Pwn points.
Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting EMPORIA Pro Charger Level 2 in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., Urs Mueller of Compass Security (@compasssecurity) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Wednesday, January 21 – 1500
Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Wednesday, January 21 – 1530
Kazuki Furukawa (@_N4NU_) of GMO Cybersecurity by Ierae targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Mia Miku Deutsch (@newbe3e) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Alpitronic HYC50 - Field Mode in the Level 3 Electric Vehicle Chargers category for a total of $60,000 and 6 Master of Pwn points.
Chumy Tsai (@rm_rf_chumy), Jimmy Liu (@DrmnSamoLiu), and Jim Chen (@asef18766) at Cycraft Technology (@cycraft_corp) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Wednesday, January 21 – 1600
Team Zeroshi targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Wednesday, January 21 – 1700
Interrupt Labs (@InterruptLabs) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Donggeon Kim (@gbdngb12), Hoon Nam (@pwnstar96), Jaeho Jeong (@jeongZero), Sangsoo Jeong (@sangs00Jeong) and Wonyoung Jung (@nonetype_pwn) of 78ResearchLab targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Wednesday, January 21 – 1730
Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Sony XAV-9500ES in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Viettel Cyber Security (@vcslab) targeting ChargePoint Home Flex (Model CPH50-K) in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Wednesday, January 21 – 1830
TienPP from FPT NightWolf targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Dong hee Kim (@heehee_0219_) and Jong geon Kim (@kimjor22) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Donggeon Kim (@gbdngb12), Hoon Nam (@pwnstar96), Jaeho Jeong (@jeongZero), Sangsoo Jeong (@sangs00Jeong) and Wonyoung Jung (@nonetype_pwn) of 78ResearchLab targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Jonathan Conrad (@jwconrad.bsky.social) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Wednesday, January 21 – 1900
@ExLuck99 and @gr4ss341 of ANHTUD targeting Sony XAV-9500ES in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Day Two
Thursday, January 22 – 1030
Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Inhyung Lee, Seokhun Lee, Chulhan Park, Wooseok Kim, and Yeonseok Jang from Team MAMMOTH targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Julien COHEN-SCALI from FuzzingLabs (@FuzzingLabs) targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Hank Chen (@hank0438) of InnoEdge Labs targeting Alpitronic HYC50 - Lab Mode in the Level 3 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Autocrypt (Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Thursday, January 22 – 1130
Neodyme AG (@Neodyme) targeting Sony XAV-9500ES in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Thursday, January 22 – 1200
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Nguyen Thanh Dat (@rewhiles) from Viettel Cyber Security (@vcslab) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
BoredPentester (@BoredPentester) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Thursday, January 22 – 1230
Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category with the Charging Connector Attack and Charging Connector Protocol/Signal Manipulation add-on for a total of $70,000 and 7 Master of Pwn points.
Xilokar ([email protected]) targeting Alpitronic HYC50 - Lab Mode in the Level 3 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Thursday, January 22 – 1300
PHP Hooligans / Midnight Blue (@midnightbluelab) targeting Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Thursday, January 22 – 1330
Donggeon Kim (@gbdngb12), Hoon Nam (@pwnstar96), Jaeho Jeong (@jeongZero), Sangsoo Jeong (@sangs00Jeong) and Wonyoung Jung (@nonetype_pwn) of 78ResearchLab targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Kazuki Furukawa (@_N4NU_) of GMO Cybersecurity by Ierae targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Hyeongseok Lee (@fluorite_pwn), Yunje Shin (@YunjeShin), Chaeeul Hyun (@yskm_Gunter), Ingyu Yang (@Mafty5275), Hoseok Kang (@clay419), Seungyeon Park (@vvsy46), and Wonjun Choi (@won6_choi) of BoB::Takedown targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Thursday, January 22 – 1430
Autocrypt (Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi) targeting Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Rob Blakely of Technical Debt Collectors targeting Automotive Grade Linux in the Operating System category for a total of $40,000 and 4 Master of Pwn points.
Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting ChargePoint Home Flex (Model CPH50-K) in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Thursday, January 22 – 1500
BoredPentester (@BoredPentester) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Slow Horses of Qrious Secure (@qriousec) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Thursday, January 22 – 1600
Synacktiv (@synacktiv) targeting Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Thursday, January 22 – 1630
PetoWorks (@petoworks) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting ChargePoint Home Flex (Model CPH50-K) in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Thursday, January 22 – 1700
Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Thursday, January 22 – 1800
PetoWorks (@petoworks) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Hyeongseok Lee (@fluorite_pwn), Yunje Shin (@YunjeShin), Chaeeul Hyun (@yskm_Gunter), Ingyu Yang (@Mafty5275), Hoseok Kang (@clay419), Seungyeon Park (@vvsy46), and Wonjun Choi (@won6_choi) of BoB::Takedown targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Thursday, January 22 – 1830
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Hyeonjun Lee (@gul9ul), Younghun Kwon (@d0kk2bi), Hyeokjong Yun (@dig06161), Dohwan Kim (@neko__hat), Hanryeol Park (@hanR0724), Hyojin Lee (@meixploit), Jinyeong Yoon, and Youngmin Cho (@ZIEN0621) of ZIEN, Inc. targeting ChargePoint Home Flex (Model CPH50-K) in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Evan Grant (@stargravy) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Day Three
Friday, January 23 – 1030
Team MST targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Viettel Cyber Security (@vcslab) targeting Sony XAV-9500ES in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Slow Horses of Qrious Secure (@qriousec) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Friday, January 23 – 1200
Slow Horses of Qrious Secure (@qriousec) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
PetoWorks (@petoworks) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.
Friday, January 23 – 1300
Aapo Oksman, Elias Ikkelä-Koski and Mikael Kantola of Juurin Oy targeting the Alpitronic HYC50 - Lab Mode in the Level 3 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Friday, January 23 – 1330
Nguyen Thanh Dat (@rewhiles) from Viettel Cyber Security (@vcslab) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Autocrypt (Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, Kisang Choi) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Friday, January 23 – 1500
Elias Ikkelä-Koski and Aapo Oksman of Juurin Oy targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
Ryo Kato (@Pwn4S0n1c) targeting the Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.
Nam Ha Bach and Vu Tien Hoa from FPT NightWolf Team targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.
The Results
Follow the action live! We’ll be posting real-time updates and results throughout the competition on our blog and across social media. Stay up to date by following us on Twitter, Mastodon, LinkedIn, and Bluesky, and join the conversation using #Pwn2Own Automotive and #P2OAuto for continuous coverage.
From the rollout of trusted data spaces to the AI data-leak crisis: ten events that put 2025 data security in perspective
Iranian state TV satellite signal hijacked to broadcast anti-government videos
CVE-2025-71118 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 ACPICA acpi_ns_get_next_node null pointer dereference (EUVD-2026-2493 / WID-SEC-2026-0119)
CVE-2025-71113 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 algif_kpp.c sock_kmalloc initialization (EUVD-2026-2508 / WID-SEC-2026-0119)
CVE-2025-71114 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 VIA Watchdog Driver /proc/iomem allocate_resource allocation of resources (EUVD-2026-2492 / WID-SEC-2026-0119)
CVE-2025-71116 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 libceph decode_pool out-of-bounds (EUVD-2026-2500 / Nessus ID 284711)
Let’s Encrypt rolls out 6-day and IP-based certificates
Let’s Encrypt says its short-lived TLS certificates with a 6-day lifetime are now generally available. Each certificate is valid for 160 hours from the time it is issued. To request one, operators must select the “shortlived” profile in their ACME client. The option is opt-in and works with clients that support the certificate profile feature. Let’s Encrypt said this type of certificate requires more frequent validation and reduces reliance on traditional revocation systems by shortening …
The post Let’s Encrypt rolls out 6-day and IP-based certificates appeared first on Help Net Security.