Aggregator

A vulnerability has been found in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600 and classified as problematic. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. This manipulation of the argument Hostname causes open redirect. This vulnerability appears as CVE-2026-1406. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

Submit #736271 / VDB-342794

A vulnerability has been found in Centreon Infra Monitoring up to 24.04.2/24.10.2/25.10.1 and classified as critical. This affects an unknown function of the component Awie Import Module. The manipulation leads to missing authentication. This vulnerability is referenced as CVE-2025-15026. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

Submit #736164 / VDB-337047

Автор описывает скрытие процессов и файлов, маскировку сети и антидетект-подходы.

A vulnerability described as critical has been identified in Linux Kernel up to 6.17.8. This affects the function open_exec of the component binfmt_misc. Such manipulation leads to permission issues. This vulnerability is referenced as CVE-2025-68239. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.17.7. It has been declared as critical. This affects the function dmaengine_pcm of the component ASoC. Such manipulation leads to use after free. This vulnerability is documented as CVE-2025-40338. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.116/6.12.57/6.17.7. Impacted is the function stmmac_rx of the component net. Such manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-40337. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.17.7. It has been rated as critical. This impacts the function bnxt_shutdown. This manipulation causes memory corruption. This vulnerability is registered as CVE-2025-40330. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in libsoup. Affected by this issue is some unknown functionality of the component Incoming Message Handler. This manipulation causes buffer access with incorrect length value. This vulnerability is tracked as CVE-2026-0716. The attack is possible to be carried out remotely. No exploit exists.

Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools. Symantec and Carbon Black researchers uncovered a new ransomware strain named Osiris, used in a November 2025 attack against a major Southeast Asian food service franchise operator. The attackers deployed a malicious driver, […]

A vulnerability labeled as problematic has been found in CSZ CMS 1.3.0. Affected by this vulnerability is an unknown functionality. Such manipulation of the argument Social Settings leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-39599. The attack can be launched remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in IceWarp 11.4.6.0. Impacted is an unknown function. Executing a manipulation of the argument Color can lead to cross site scripting. This vulnerability appears as CVE-2023-39600. The attack may be performed from remote. There is no available exploit.

A vulnerability categorized as problematic has been discovered in Zenario CMS 9.4. This affects an unknown function of the component Menu Navigation Handler. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2023-39578. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in Chamilo LMS up to 1.11.20. Affected by this vulnerability is an unknown functionality of the component Import Session Handler. The manipulation leads to sql injection. This vulnerability is documented as CVE-2023-39582. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as critical, has been found in Hexo up to 7.0.0 RC2. This affects an unknown function. Performing a manipulation results in path traversal. This vulnerability is reported as CVE-2023-39584. The attacker must have access to the local network to execute the attack. No exploit exists.