Aggregator

Currently trending CVE - Hype Score: 10 - Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)

A vulnerability has been found in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600 and classified as problematic. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. This manipulation of the argument Hostname causes open redirect. This vulnerability appears as CVE-2026-1406. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

Submit #736271 / VDB-342794

A vulnerability has been found in Centreon Infra Monitoring up to 24.04.2/24.10.2/25.10.1 and classified as critical. This affects an unknown function of the component Awie Import Module. The manipulation leads to missing authentication. This vulnerability is referenced as CVE-2025-15026. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

Submit #736164 / VDB-337047

Автор описывает скрытие процессов и файлов, маскировку сети и антидетект-подходы.

A vulnerability described as critical has been identified in Linux Kernel up to 6.17.8. This affects the function open_exec of the component binfmt_misc. Such manipulation leads to permission issues. This vulnerability is referenced as CVE-2025-68239. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.17.7. It has been declared as critical. This affects the function dmaengine_pcm of the component ASoC. Such manipulation leads to use after free. This vulnerability is documented as CVE-2025-40338. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.116/6.12.57/6.17.7. Impacted is the function stmmac_rx of the component net. Such manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-40337. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.17.7. It has been rated as critical. This impacts the function bnxt_shutdown. This manipulation causes memory corruption. This vulnerability is registered as CVE-2025-40330. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in libsoup. Affected by this issue is some unknown functionality of the component Incoming Message Handler. This manipulation causes buffer access with incorrect length value. This vulnerability is tracked as CVE-2026-0716. The attack is possible to be carried out remotely. No exploit exists.

Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools. Symantec and Carbon Black researchers uncovered a new ransomware strain named Osiris, used in a November 2025 attack against a major Southeast Asian food service franchise operator. The attackers deployed a malicious driver, […]