Aggregator

CVE-2025-22061 | Linux Kernel up to 6.14.1 airoha_tc_get_htb_get_leaf_queue state issue (Nessus ID 240657 / WID-SEC-2025-0844)

Vuldb Updates
6 days 3 hours ago
A vulnerability marked as problematic has been reported in Linux Kernel up to 6.14.1. The affected element is the function airoha_tc_get_htb_get_leaf_queue. This manipulation causes state issue. This vulnerability appears as CVE-2025-22061. The attacker needs to be present on the local network. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-22064 | Linux Kernel up to 6.6.86/6.12.22/6.13.10/6.14.1 nf_tables privilege escalation (Nessus ID 237088 / WID-SEC-2025-0844)

Vuldb Updates
6 days 3 hours ago
A vulnerability was found in Linux Kernel up to 6.6.86/6.12.22/6.13.10/6.14.1. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component nf_tables. Performing manipulation results in privilege escalation. This vulnerability is identified as CVE-2025-22064. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations

Cyber Security News
6 days 4 hours ago

Windows Server Update Services (WSUS) vulnerability is actively exploited in the wild. Criminals are using this vulnerability to steal sensitive data from organizations in various industries. The vulnerability, tracked as CVE-2025-59287, was patched by Microsoft on October 14, 2025, but attackers quickly began abusing it after proof-of-concept code became publicly available on GitHub. Sophos telemetry […]

The post Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations appeared first on Cyber Security News.

Guru Baran

李想谈万台MEGA召回:生命只有一次;传明年AirPods配摄像头+AI;神舟二十一飞船发射成功,对接速度创纪录 | 极客早知道

不安全
6 days 4 hours ago
嗯,用户让我总结一下这篇文章的内容,控制在100字以内,而且不需要用“文章内容总结”之类的开头。好的,我先看看文章内容。 文章标题是“环境异常”,内容提到当前环境异常,完成验证后可以继续访问,并有一个“去验证”的按钮。看起来这是一条提示信息,告诉用户需要进行验证才能继续使用服务。 那我需要把重点放在环境异常和需要验证上。同时要控制在100字以内,所以得简洁明了。 可能的总结:当前环境出现异常,需完成验证后方可继续访问。这样刚好16个字,符合要求。 或者稍微详细一点:由于环境异常,用户需完成验证后才能继续访问。这样20个字左右。 嗯,感觉第一种更简洁,符合用户的要求。 当前环境出现异常,需完成验证后方可继续访问。

The Twilio-Stytch Acquisition: A Watershed Moment for Developer-First CIAM

Security Boulevard
6 days 4 hours ago

Twilio acquiring Stytch signals a major shift in developer CIAM. I've analyzed 20+ platforms—from Descope to Keyclock—to show you which deliver on Auth0's promise without the lock-in. OpenID standards, AI agent auth, and what actually matters when choosing your identity platform.

The post The Twilio-Stytch Acquisition: A Watershed Moment for Developer-First CIAM appeared first on Security Boulevard.

Deepak Gupta - Tech Entrepreneur, Cybersecurity Author

The Twilio-Stytch Acquisition: A Watershed Moment for Developer-First CIAM

不安全
6 days 4 hours ago
嗯,用户让我总结一下这篇文章的内容,控制在一百个字以内。首先,我需要通读文章,抓住主要观点。文章主要讲的是Twilio收购Stytch,这在开发者社区引起了很大反响。作者认为这次收购不仅仅是技术上的整合,更是对客户身份和访问管理(CIAM)领域的一次重大变革。 接下来,我注意到文章提到了Auth0被Okta收购后的一些变化,以及开发者对更友好、更开放的CIAM平台的需求。然后,作者详细介绍了几个竞争对手的情况,比如Descope、FusionAuth、MojoAuth等,分析了它们各自的优缺点。 此外,文章还讨论了现代认证方法的重要性,如无密码认证、AI代理认证等,并强调了基于开放标准的架构对于避免供应商锁定的重要性。最后,作者指出Twilio和Stytch的结合有可能成为新的行业标准,并对未来的发展趋势进行了展望。 总结的时候,我需要把重点放在收购的意义、对开发者的影响以及未来的发展方向上。控制在100字以内的话,可能需要精简到关键点:收购带来的变化、开发者友好平台的重要性、现代认证方法以及未来的市场影响。 现在把这些点整合成一个简洁的中文摘要。 Twilio收购Stytch标志着客户身份与访问管理(CIAM)领域的重大变革。此次收购整合了Twilio的开发者信任与Stytch的现代认证技术,为市场提供了真正基于开放标准的开发者友好平台。随着AI代理和现代应用需求的增长,该组合将推动行业向更灵活、安全且标准化的方向发展。

INC

Dark Feed IO
6 days 4 hours ago

You must login to view this content

cohenido

CVE-2018-1321 | Apache Syncope up to 1.2.10/2.0.7 XSLT input validation (EDB-45400 / BID-103508)

Vuldb Updates
6 days 4 hours ago
A vulnerability, which was classified as critical, has been found in Apache Syncope up to 1.2.10/2.0.7. This affects an unknown function of the component XSLT Handler. The manipulation leads to improper input validation. This vulnerability is referenced as CVE-2018-1321. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2018-1322 | Apache Syncope up to 1.2.10/2.0.7 Search fiql/orderby information disclosure (EDB-45400 / BID-103507)

Vuldb Updates
6 days 4 hours ago
A vulnerability, which was classified as problematic, was found in Apache Syncope up to 1.2.10/2.0.7. This impacts an unknown function of the component Search. The manipulation of the argument fiql/orderby as part of Parameter results in information disclosure. This vulnerability is identified as CVE-2018-1322. The attack can be executed remotely. Additionally, an exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2018-14485 | BlogEngine.NET 3.3 POST Body metaweblog.axd xml external entity reference (ID 151063 / EDB-46106)

Vuldb Updates
6 days 4 hours ago
A vulnerability was found in BlogEngine.NET 3.3 and classified as critical. This issue affects some unknown processing of the file metaweblog.axd of the component POST Body Handler. Executing manipulation can lead to xml external entity reference. This vulnerability is handled as CVE-2018-14485. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2018-5359 | Flexense SysGauge 3.6.18 Service Port 9221 memory corruption (ID 145900 / EDB-43588)

Vuldb Updates
6 days 4 hours ago
A vulnerability identified as critical has been detected in Flexense SysGauge 3.6.18. Impacted is an unknown function of the component Service Port 9221. Performing manipulation results in memory corruption. This vulnerability is cataloged as CVE-2018-5359. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is suggested to use restrictive firewalling.
vuldb.com

CVE-2018-20221 | Deltek Ajera Timesheets up to 9.10.16 Deserialization Secure/SAService.rem deserialization (EDB-46086)

Vuldb Updates
6 days 4 hours ago
A vulnerability was found in Deltek Ajera Timesheets up to 9.10.16. It has been rated as critical. This impacts an unknown function of the file Secure/SAService.rem of the component Deserialization. Performing manipulation results in deserialization. This vulnerability was named CVE-2018-20221. The attack may be initiated remotely. In addition, an exploit is available. It is suggested to use restrictive firewalling.
vuldb.com

CVE-2018-12589 | Polaris Office 2017 8.1 puiframeworkproresenu.dll untrusted search path (ID 148312 / EDB-44985)

Vuldb Updates
6 days 4 hours ago
A vulnerability marked as critical has been reported in Polaris Office 2017 8.1. The impacted element is an unknown function in the library puiframeworkproresenu.dll. This manipulation causes untrusted search path. This vulnerability is handled as CVE-2018-12589. It is possible to launch the attack on the local host. Additionally, an exploit exists.
vuldb.com

Managed ad