Aggregator

Submit #636131 / VDB-321697

Submit #636130 / VDB-321696

A vulnerability classified as critical was found in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. This vulnerability is uniquely identified as CVE-2025-9580. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. This vulnerability is handled as CVE-2025-9579. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #636128 / VDB-321695

Submit #636127 / VDB-321694

【近期工作】TETD:在可信域中可信执行这篇工作发表于 USENIX Security 2025，由南方科技

Make sure your Chrome browser is updated to the latest version to stay protected.

Currently trending CVE - Hype Score: 1 - Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

Currently trending CVE - Hype Score: 1 - Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

A vulnerability classified as critical was found in MediaTek MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8785, MT8789, MT8791 and MT8797. The affected element is an unknown function of the component msdc. The manipulation results in out-of-bounds write. This vulnerability was named CVE-2023-20626. The attack needs to be approached locally. There is no available exploit. It is best practice to apply a patch to resolve this issue.

A vulnerability, which was classified as critical, has been found in MediaTek MT6879, MT6895, MT6983, MT8167 and MT8168. The impacted element is an unknown function of the component pqframework. This manipulation causes out-of-bounds write. The identification of this vulnerability is CVE-2023-20627. The attack can only be executed locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in MediaTek MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8175, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T and MT8797. This affects an unknown function of the component thermal. Such manipulation leads to memory corruption. This vulnerability is referenced as CVE-2023-20628. The attack can only be performed from a local environment. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability has been found in MediaTek MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6885, MT6893, MT6895, MT6983, MT8167, MT8168, MT8666 and MT8675 and classified as critical. This impacts an unknown function of the component usb. Performing manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2023-20630. The attack is only possible with local access. There is not any exploit available. It is suggested to install a patch to address this issue.

Submit #636083 / VDB-321693

Submit #636082 / VDB-321692

A vulnerability classified as problematic has been found in MediaTek MT6739, MT6761, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8781, MT8791, MT8791T and MT8797. Impacted is an unknown function of the component adsp. The manipulation leads to race condition. This vulnerability is uniquely identified as CVE-2023-20625. Local access is required to approach this attack. No exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability described as critical has been identified in MediaTek MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6983, MT8781, MT8791, MT8791T and MT8797. This issue affects some unknown processing of the component vow. Executing manipulation can lead to buffer overflow. This vulnerability is handled as CVE-2023-20624. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability marked as problematic has been reported in MediaTek MT6580, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8173, MT8532, MT8666, MT8667 and MT8788. This vulnerability affects unknown code of the component ion. Performing manipulation results in time-of-check time-of-use. This vulnerability is known as CVE-2023-20623. Attacking locally is a requirement. No exploit is available. To fix this issue, it is recommended to deploy a patch.

英伟达已经陷入小超预期就是不及预期的怪圈。