Aggregator

Submit #736554 / VDB-342815

A vulnerability was found in SeaCMS up to 11.1 and classified as problematic. This issue affects some unknown processing of the component Admin Settings Page. Executing a manipulation of the argument checkuser can lead to cross site scripting. This vulnerability appears as CVE-2020-36932. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability has been found in Click2Magic up to 1.1.5 and classified as problematic. This vulnerability affects unknown code. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2020-36931. The attack is possible to be carried out remotely. Moreover, an exploit is present.

美国在台协会（AIT）处长谷立言（Raymond Greene）表示：诺斯洛普格拉曼（Northrop Grumman）公司已在台湾设立一座中口径弹药测试场。

Почему простого удаления недостаточно и как правильно настроить «чистое» устройство.

24 января в России массово «легли» популярные VPN.

Google DeepMind CEO、诺贝尔奖得主、负责开发 Google Gemini 大模型的 Demis Hassabis 以及图灵奖得主 Yann LeCun 都认为大模型虽然备受瞩目，但并非通往 AGI(人类通用智能)之路。Hassabis 表示今天的 AI 虽然令人印象深刻，但距离 AGI 还很遥远。他预测 AGI 在十年内实现的概率是 50%。Yann LeCun 则更悲观，认为今天基于大模型的 AI 永远也无法实现 AGI，需要完全不同的方法。他认为大型语言模型之所以成功是因为语言简单。Anthropic CEO Dario Amodei 则要乐观的多，认为 AI 模型能在一年内取代所有程序员的工作，两年内实现诺奖级别的研究成果，五年内五成白领工作将消失。OpenAI CEO Sam Altman 此前表达过类似观点。对大部分企业领袖而言关键问题还是 AI 何时能带来巨大经济价值。

Nike is investigating a possible cyber incident after the WorldLeaks group claimed it stole data from the company’s systems. Nike is probing a potential security breach after the WorldLeaks cybercrime group claimed it accessed and stole data from the company’s systems. The footwear and apparel giant said it has launched an investigation to assess the […]

Microsoft is investigating reports that some Windows 11 devices are failing to boot with "UNMOUNTABLE_BOOT_VOLUME" errors after installing the January 2026 Patch Tuesday security updates. [...]

Варшава отбила самую мощную атаку на свои ТЭЦ и ветряные фермы.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. The impacted element is an unknown function of the component usb. Executing a manipulation can lead to privilege escalation. This vulnerability is handled as CVE-2025-38474. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.39/6.15.7. The affected element is the function cipso_v4_sock_setattr of the component smc. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2025-38475. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 and classified as critical. This impacts the function unregister_vlan_dev of the component 8021q Module. This manipulation causes memory leak. This vulnerability is tracked as CVE-2025-38470. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7/2277d7cbdf47531b2c3cd01ba15255fa955aab35. It has been classified as critical. Affected by this vulnerability is the function tls_strp_check_rcv of the component tls. Performing a manipulation results in use after free. This vulnerability is cataloged as CVE-2025-38471. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. The impacted element is the function l2cap_sock_resume_cb of the file include/linux/instrumented.h of the component Bluetooth. The manipulation leads to use after free. This vulnerability is referenced as CVE-2025-38473. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. It has been declared as critical. Affected by this issue is the function __nf_conntrack_find_get of the component netfilter. Executing a manipulation can lead to allocation of resources. This vulnerability is registered as CVE-2025-38472. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This issue affects the function htb_enqueue. Such manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-38468. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.6.99/6.12.39/6.15.7. Impacted is the function kmalloc_array of the component KVM. Performing a manipulation results in privilege escalation. This vulnerability was named CVE-2025-38469. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.