Aggregator

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.6.78/6.12.15/6.13.3/6.14-rc1/6.14-rc2. The impacted element is the function usb_check_int_endpoints of the file usb.c. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-21794. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. This affects the function nfsd4_shutdown_callback. Performing a manipulation results in state issue. This vulnerability is cataloged as CVE-2025-21795. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. The impacted element is the function vxlan_vnigroup_init. This manipulation causes unchecked return value. This vulnerability appears as CVE-2025-21790. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. The impacted element is the function l3mdev_l3_out. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2025-21791. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.78/6.12.15/6.13.3/6.14-rc2. It has been rated as critical. The affected element is an unknown function of the component sn-f-ospi. This manipulation causes divide by zero. This vulnerability is tracked as CVE-2025-21793. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. The affected element is the function ax25_release in the library lib/refcount.c. The manipulation results in improper update of reference count. This vulnerability is reported as CVE-2025-21792. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.78/6.12.15/6.13.3/6.14-rc2. It has been classified as problematic. This impacts an unknown function. This manipulation causes out-of-bounds read. This vulnerability is tracked as CVE-2025-21789. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.12.15/6.13.3/6.14-rc2. It has been declared as critical. Impacted is the function am65_cpsw_build_skb. The manipulation results in allocation of resources. This vulnerability is identified as CVE-2025-21788. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2 and classified as problematic. This affects an unknown function in the library lib/vsprintf.c. The manipulation results in privilege escalation. This vulnerability is identified as CVE-2025-21787. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.15/6.13.3/6.14-rc2 and classified as critical. The impacted element is the function kthread_stop. The manipulation leads to use after free. This vulnerability is referenced as CVE-2025-21786. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability categorized as problematic has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-15535. The attack is only possible with local access. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability labeled as critical has been found in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. This vulnerability is listed as CVE-2025-15537. The attack must be carried out locally. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Цепочка начинается с декодирования аудио в сообщениях и заканчивается выходом на уровень ядра.

记录一下这条链子，hessian反序列化入口很直接定义了白名单，只能反序列化白名单中的类org.springframework.jndi. 这个白名单对应的sink点是org.springframework.jndi.support.SimpleJndiBeanFactory.lookup() 这个jndi，lookup方法是由这个类中的getBean 方法触发，怎么把这条链子连起来就和hessi

As Hollywood imagines our future, are brain and human microchip implants nearing a “ChatGPT moment” in 2026? Medical progress collides with privacy fears and state bans.

The post Will 2026 See a ‘ChatGPT Moment’ for Microchip Implants? appeared first on Security Boulevard.

A vulnerability was found in Linux Kernel up to 6.6.78/6.12.15/6.13.3/6.14-rc2 and classified as critical. This vulnerability affects the function psp_init_cap_microcode. Executing a manipulation can lead to privilege escalation. The identification of this vulnerability is CVE-2025-21784. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. It has been classified as critical. This issue affects some unknown processing of the component cacheinfo. The manipulation leads to out-of-bounds write. This vulnerability is referenced as CVE-2025-21785. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.6.78/6.12.15/6.13.3/6.14-rc2 and classified as critical. This affects the function gpiochip_get_ngpios. Performing a manipulation results in null pointer dereference. This vulnerability was named CVE-2025-21783. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3. Affected by this issue is the function orangefs_debug_write. Such manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-21782. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2 and classified as critical. Impacted is the function batadv_hardif_neigh_node. Executing a manipulation can lead to improper update of reference count. This vulnerability is tracked as CVE-2025-21781. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.