Aggregator

CVE-2025-68221 | Linux Kernel up to 6.17.9 mptcp mptcp_pm_nl_rm_addr state issue (Nessus ID 278973 / WID-SEC-2025-2868)

Vuldb Updates
4 months ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.17.9. The impacted element is the function mptcp_pm_nl_rm_addr of the component mptcp. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2025-68221. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-68215 | Linux Kernel up to 6.12.59/6.17.9 ice/ice_adapter.c ice_ptp_cleanup_pf initialization (Nessus ID 298236 / WID-SEC-2025-2868)

Vuldb Updates
4 months ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.59/6.17.9. This affects the function ice_ptp_cleanup_pf of the file ice/ice_adapter.c. Such manipulation leads to improper initialization. This vulnerability is documented as CVE-2025-68215. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-68216 | Linux Kernel up to 6.17.9 LoongArch bpf_selftests information disclosure (Nessus ID 279004 / WID-SEC-2025-2868)

Vuldb Updates
4 months ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.17.9. This issue affects the function bpf_selftests of the component LoongArch. Performing a manipulation results in information disclosure. This vulnerability was named CVE-2025-68216. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-68212 | Linux Kernel up to 6.17.9 fs statmount_string uninitialized pointer (Nessus ID 278917 / WID-SEC-2025-2868)

Vuldb Updates
4 months ago
A vulnerability was found in Linux Kernel up to 6.17.9 and classified as critical. The impacted element is the function statmount_string of the component fs. The manipulation results in uninitialized pointer. This vulnerability is identified as CVE-2025-68212. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-68209 | Linux Kernel up to 6.17.8 mlx5_add_cq_to_tasklet initialization (Nessus ID 296481 / WID-SEC-2025-2868)

Vuldb Updates
4 months ago
A vulnerability was found in Linux Kernel up to 6.17.8. It has been classified as critical. This issue affects the function mlx5_add_cq_to_tasklet. Performing a manipulation results in improper initialization. This vulnerability is reported as CVE-2025-68209. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

Cybersecurity Companies’ Stocks Fall Sharply as Anthropic Releases Claude Security Tool

Cyber Security News
4 months ago

Shares of major cybersecurity companies nosedived on Friday after AI startup Anthropic unveiled Claude Code Security, a new AI-powered tool capable of autonomously scanning codebases for software vulnerabilities and suggesting targeted patches sparking fears that artificial intelligence could begin displacing traditional enterprise security solutions. Anthropic announced Claude Code Security on February 19, 2026, as a […]

The post Cybersecurity Companies’ Stocks Fall Sharply as Anthropic Releases Claude Security Tool appeared first on Cyber Security News.

Guru Baran

New Shai-Hulud–like npm Worm Attack 19+ Packages to Steal dev/CI Secrets

Cyber Security News
4 months ago

A new supply chain worm is actively targeting the npm ecosystem, with a research team identifying at least 19 malicious npm packages designed to steal developer and CI/CD secrets and automatically spread across repositories and workflows. The campaign, tracked as SANDWORMMODE, uses typosquatted npm packages and poisoned GitHub Actions to infect both developer machines and […]

The post New Shai-Hulud–like npm Worm Attack 19+ Packages to Steal dev/CI Secrets appeared first on Cyber Security News.

Abinaya

微软游戏业务高管离职,接替者来自 AI 部门

Solidot
4 months ago
微软 Xbox 和游戏业务 CEO Phil Spencer 在公司工作 38 年之后离职,被广泛视为其接任者的 Xbox 总裁 Sarah Bond 也已辞职,游戏业务的新 CEO 将是负责 CoreAI 产品的 Asha Sharma。Spencer 是在 2014 年 3 月被任命为 Xbox 负责人,他任内推出了游戏订阅服务 Xbox Game Pass,最为人所知的事情可能是以 690 亿美元收购动视暴雪。他还收购了一系列游戏工作室,其中包括 2020 年以 75 亿美元收购 Bethesda 母公司 ZeniMax,完全控制了著名的游戏 IP 如 《辐射》和《上古卷轴》(Bethesda)、《毁灭战士》和《雷神之锤》(id Software)。

CVE-2025-58034

CVE Trends
4 months ago
Currently trending CVE - Hype Score: 1 - An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 ...

CVE-2025-64446

CVE Trends
4 months ago
Currently trending CVE - Hype Score: 1 - A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via ...

CVE-2026-2617 | Beetel 777VR1 up to 01.00.09 Telnet Service/SSH Service insecure default initialization of resource

Vuldb Updates
4 months ago
A vulnerability was found in Beetel 777VR1 up to 01.00.09 and classified as critical. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. This vulnerability is identified as CVE-2026-2617. The attack can only be performed from the local network. Additionally, an exploit exists. Applying restrictive firewalling is recommended. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-2618 | Beetel 777VR1 up to 01.00.09 SSH Service risky encryption

Vuldb Updates
4 months ago
A vulnerability was found in Beetel 777VR1 up to 01.00.09. It has been classified as problematic. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. This vulnerability is tracked as CVE-2026-2618. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to increase the level of encryption. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-2622 | Blossom up to 1.17.1 Article Title ArticleController.java content cross site scripting

Vuldb Updates
4 months ago
A vulnerability labeled as problematic has been found in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-2622. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Managed ad