Aggregator

为智慧水务高质量发展注入新动能

Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well

A notorious marketplace for fraud, Tudou Guarantee, appears to have closed its public Telegram groups

满10人开班～

攻击者借ACME挑战路径绕过Cloudflare所有安全规则

看雪论坛作者ID：易之生生

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.64/6.18.3/6.19-rc3 and classified as critical. The affected element is an unknown function of the component mac80211. Such manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-71127. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. The impacted element is the function sys_perf_event_open of the file kernel/tracepoint.c. Executing a manipulation can lead to privilege escalation. This vulnerability is tracked as CVE-2025-71125. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. Impacted is the function crypto_aead_encrypt. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2025-71131. The attack needs to be done within the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3. Affected is the function adv7842_cp_log_status of the component media. Executing a manipulation can lead to unchecked return value. This vulnerability appears as CVE-2025-71136. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in SourceCodester E-Learning System 1.0. It has been declared as problematic. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. This vulnerability is handled as CVE-2026-1154. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability categorized as critical has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. This vulnerability was named CVE-2026-1155. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as critical has been detected in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. The identification of this vulnerability is CVE-2026-1156. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. This vulnerability is referenced as CVE-2026-1157. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Major Telegram-based illicit marketplace Tudou Guarantee appears to be shutting down its operations, according to Elliptic. Blockchain cybersecurity firm Elliptic reports that Tudou Guarantee, a major Telegram-based illicit marketplace in Southeast Asia, has stopped transactions in its public groups after handling over $12 billion. The researchers noted that other services still run, so a full […]

Пекин лишает высокочастотных трейдеров их главного преимущества.

A vulnerability was found in Ruijie RG-EW and classified as critical. This vulnerability affects the function v.EW_3.0(1)B11P204 of the file unifyframe-sgi.elf. Such manipulation leads to command injection. This vulnerability is documented as CVE-2023-38902. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical was found in berkaygediz O_Blog 1.0. Impacted is the function secure_file_priv. The manipulation results in sql injection. This vulnerability is cataloged as CVE-2023-38899. The attack must be initiated from a local position. There is no exploit available.

A vulnerability, which was classified as critical, has been found in vTiger CRM 7.5.0. The affected element is the function getQueryColumnsList of the file ReportRun.php. Performing a manipulation results in sql injection. This vulnerability is identified as CVE-2023-38891. The attack can be initiated remotely. There is not any exploit available.