Aggregator

A vulnerability was found in Linux Kernel up to 6.15.7. It has been declared as critical. Affected is the function airoha_npu_get of the component net. Such manipulation leads to use after free. This vulnerability is documented as CVE-2025-38536. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. It has been classified as problematic. This impacts the function regulator_is_enabled of the file drivers/regulator/core.c. This manipulation causes state issue. This vulnerability is registered as CVE-2025-38535. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.6.99/6.12.39/6.15.7 and classified as problematic. This affects the function do_reset of the file net/core/skbuff.c. The manipulation results in improper initialization. This vulnerability is cataloged as CVE-2025-38532. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.147/6.6.100/6.12.38/6.15.6 and classified as critical. The impacted element is the function exit_mmap of the component amdkfd. The manipulation leads to deadlock. This vulnerability is listed as CVE-2025-38520. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.38/6.15.6. The affected element is the function alloc_tag_top_users. Executing manipulation can lead to improper initialization. This vulnerability is tracked as CVE-2025-38517. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

这是曾思玉1957.7.23发表在《解放军报》上的文章

2025 年智能安全运营（ AI SOC） 市场格局 by ourren

BlackHat USA 2025 Slides by ourren

更多最新文章，请访问SecWiki

Google has awarded a record-breaking $250,000 bounty to security researcher “Micky” for discovering a critical remote code execution vulnerability in Chrome’s browser architecture.  The vulnerability allowed malicious websites to escape Chrome’s sandbox protection and execute arbitrary code on victim systems.  Key Takeaways1.Google paid researcher "Micky" a record amount for finding a critical Chrome vulnerability.2.The bug […]

The post Google Awards $250,000 Bounty for Chrome RCE Vulnerability Discovery appeared first on Cyber Security News.

克罗地亚将其数字游民签证有效期从一年延长至三年，允许非欧盟居民及其近亲在该国远程工作和生活。数字游民签证是一种短期签证，大部分国家的数字游民签证有效期是六个月到一年。克罗地亚更新了它的政策，允许最长三年，而且允许亲密的家庭成员加入，所谓亲密家庭成员指的是同居三年以上但无子女的伴侣，或同居短于三年有子女的伴侣。当地官员表示此举旨在吸引更多人才前来该国工作和生活。克罗地亚的生活成本较低，但仍需改善其网络基础设施。

A critical vulnerability in the Microsoft Web Deploy tool could allow authenticated attackers to execute remote code on affected systems.  The vulnerability, tracked as CVE-2025-53772, was disclosed on August 12, 2025, and carries a CVSS score of 8.8, indicating high severity. The flaw stems from the deserialization of untrusted data in Web Deploy, classified under […]

The post Microsoft IIS Web Deploy Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

Skydweller готов сражаться за родину.

A vulnerability, which was classified as critical, has been found in Wachipi WP Events Calendar Plugin 1.0 on WordPress. This vulnerability affects unknown code of the file event.php. The manipulation of the argument event_id as part of Parameter leads to sql injection. This vulnerability was named CVE-2018-5315. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SnapCreek Duplicator Plugin 1.2.32 on Windows. It has been rated as problematic. Affected is an unknown function of the file installer/build/view.step4.php. The manipulation of the argument json as part of Parameter leads to cross site scripting. This vulnerability is traded as CVE-2018-7543. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in Contact Form 7 to Database Extension Plugin 2.10.32 on WordPress. This affects an unknown part of the file ExportToCsvUtf8.php. The manipulation as part of Spreadsheet leads to improper input validation. This vulnerability is uniquely identified as CVE-2018-9035. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Caldera Forms Plugin up to 1.5.x on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2018-7747. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WordPress Comments Import and Export up to 2.0.3 on WordPress. It has been rated as critical. Affected is an unknown function. The manipulation leads to injection. This vulnerability is traded as CVE-2018-11526. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Booking Calendar Plugin 8.4.3 on WordPress. This vulnerability affects unknown code. The manipulation of the argument booking_id as part of Parameter leads to sql injection. This vulnerability was named CVE-2018-20556. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in 99 Robots WP Background Takeover Advertisements Plugin up to 4.1.4 on WordPress. Affected by this vulnerability is an unknown functionality of the file exports/download.php. The manipulation of the argument filename with the input .. as part of Parameter leads to path traversal. This vulnerability is known as CVE-2018-9118. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to cross site scripting. The identification of this vulnerability is CVE-2025-8933. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability identified as problematic has been detected in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. This vulnerability is traded as CVE-2025-8934. It is possible to launch the attack remotely. Furthermore, there is an exploit available.