Aggregator

CVE-2025-38624 | Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0 kernel/irq/msi.c pci_hp_remove_devices denial of service (Nessus ID 260280 / WID-SEC-2025-1898)

1 day 11 hours ago

A vulnerability was found in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0 and classified as critical. This impacts the function pci_hp_remove_devices of the file kernel/irq/msi.c. The manipulation results in denial of service. This vulnerability is identified as CVE-2025-38624. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-38622 | Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0 net net/core/skbuff.c udp_rcv_segment denial of service (Nessus ID 266176 / WID-SEC-2025-1898)

Vuldb Updates

1 day 11 hours ago

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. This issue affects the function udp_rcv_segment of the file net/core/skbuff.c of the component net. Such manipulation leads to denial of service. This vulnerability is documented as CVE-2025-38622. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

vuldb.com

Go语言逆向工程实战 - 从数据结构到CTF解题

先知技术社区

1 day 11 hours ago

Go 语言作为一门新兴的编译型语言，近年来在云计算、微服务、区块链等领域得到了广泛应用。随着 Go 语言的普及，越来越多的程序开始使用 Go 语言编写，这也使得 Go 语言逆向成为了一个新的研究方向。Go 语言类似于 C 语言，编译后的目标文件是一个二进制文件，逆向的也是 native 代码，但是 Go 语言有一些独特的特性使得它的逆向分析既有挑战性又有一定的便利性

CVE-2023-46005 | SourceCodester Best Courier Management System 1.0 /edit_branch.php ID sql injection (EUVD-2023-50267)

Vuldb Updates

1 day 11 hours ago

A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit_branch.php. The manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2023-46005. The attack requires being on the local network. There is not any exploit available.

vuldb.com

CVE-2023-46004 | SourceCodester Best Courier Management System 1.0 update_user unrestricted upload (EUVD-2023-50266)

Vuldb Updates

1 day 11 hours ago

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as problematic. The affected element is the function update_user. Such manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2023-46004. Access to the local network is required for this attack to succeed. There is no exploit available.

vuldb.com

CVE-2023-46001 | GPAC 2.3-DEV-rev573-g201320819-master MP4Box isom_read.c denial of service (Issue 2629 / EUVD-2023-50263)

Vuldb Updates

1 day 11 hours ago

A vulnerability labeled as problematic has been found in GPAC 2.3-DEV-rev573-g201320819-master. Impacted is an unknown function of the file gpac/src/isomedia/isom_read.c of the component MP4Box. Executing a manipulation can lead to denial of service. The identification of this vulnerability is CVE-2023-46001. The attack can only be executed locally. There is no exploit available. Applying a patch is advised to resolve this issue.

vuldb.com

CVE-2023-46003 | I-doit Pro index.php cross site scripting (EUVD-2023-50265)

Vuldb Updates

1 day 11 hours ago

A vulnerability identified as problematic has been detected in I-doit Pro. Impacted is an unknown function of the file index.php. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2023-46003. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

Sinobi

Dark Feed IO

1 day 11 hours ago

You must login to view this content

cohenido

Why PAM Implementations Struggle

Security Boulevard

1 day 11 hours ago

Privileged Access Management (PAM) is widely recognized as a foundational security control for Zero Trust, ransomware prevention, and compliance with frameworks such as NIST, ISO 27001, and SOC 2. Yet despite heavy investment, many organizations struggle to realize the promised value of PAM. Projects stall, adoption remains low, and security teams are left managing complex systems that deliver limited risk reduction. […]

The post Why PAM Implementations Struggle appeared first on 12Port.

The post Why PAM Implementations Struggle appeared first on Security Boulevard.

Peter Senescu

CVE-2025-71089 | Linux Kernel up to 6.6.119/6.12.63/6.18.3 IOMMU Driver use after free (Nessus ID 298928)

Vuldb Updates

1 day 11 hours ago

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.119/6.12.63/6.18.3. The affected element is an unknown function of the component IOMMU Driver. The manipulation results in use after free. This vulnerability was named CVE-2025-71089. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-71112 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1 net vlan_del_fail_bmap out-of-bounds (Nessus ID 298928 / WID-SEC-2026-0119)

Vuldb Updates

1 day 11 hours ago

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. It has been classified as critical. Affected is the function vlan_del_fail_bmap of the component net. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-71112. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-71085 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3 ipv6 net/core/skbuff.c pskb_expand_head infinite loop (Nessus ID 298928)

Vuldb Updates

1 day 11 hours ago

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. It has been declared as critical. This issue affects the function pskb_expand_head of the file net/core/skbuff.c of the component ipv6. Executing a manipulation can lead to infinite loop. This vulnerability is handled as CVE-2025-71085. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-68183 | Linux Kernel up to 6.6.116/6.12.57/6.17.7 ima privilege escalation (Nessus ID 298928 / WID-SEC-2025-2868)

Vuldb Updates

1 day 11 hours ago

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.116/6.12.57/6.17.7. Affected is an unknown function of the component ima. Such manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-68183. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

vuldb.com

Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches

Bleeping Computer.

1 day 11 hours ago

South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers. [...]

Bill Toulas

Zen-AI-Pentest: An Open-Source AI-Powered Penetration Testing Framework Worth Watching

Dark Web Informer - Cyber Threat Intelligence

1 day 11 hours ago

Zen-AI-Pentest: An Open-Source AI-Powered Penetration Testing Framework Worth Watching

Dark Web Informer

Space emerges as new front in great power competition, officials warn

The Record

1 day 12 hours ago

Space looks increasingly like the next arena of great power competition — crowded with satellites, vulnerable to disruption, and governed by rules written for a far simpler age.