Aggregator

CVE-2025-40262 | Linux Kernel up to 6.6.117/6.12.59/6.17.9 imx_sc_key_action memory corruption (EUVD-2025-201195 / Nessus ID 277527)

Vuldb Updates
4 months ago
A vulnerability was found in Linux Kernel up to 6.6.117/6.12.59/6.17.9. It has been declared as critical. This vulnerability affects the function imx_sc_key_action. The manipulation results in memory corruption. This vulnerability is identified as CVE-2025-40262. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-40261 | Linux Kernel up to 6.6.117/6.12.59/6.17.9 nvme_fc_delete_ctrl information disclosure (EUVD-2025-201196 / Nessus ID 277521)

Vuldb Updates
4 months ago
A vulnerability classified as critical was found in Linux Kernel up to 6.6.117/6.12.59/6.17.9. This affects the function nvme_fc_delete_ctrl. The manipulation results in information disclosure. This vulnerability is known as CVE-2025-40261. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-40260 | Linux Kernel up to 6.17.9 scx_enable null pointer dereference (Nessus ID 277531 / WID-SEC-2025-2747)

Vuldb Updates
4 months ago
A vulnerability was found in Linux Kernel up to 6.17.9. It has been classified as critical. This affects the function scx_enable. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2025-40260. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-40259 | Linux Kernel up to 5.4.301/6.6.117/6.12.59/6.17.9 scsi sg_finish_rem_req privilege escalation (EUVD-2025-201198 / Nessus ID 277529)

Vuldb Updates
4 months ago
A vulnerability was found in Linux Kernel up to 5.4.301/6.6.117/6.12.59/6.17.9 and classified as critical. Affected by this issue is the function sg_finish_rem_req of the component scsi. Executing a manipulation can lead to privilege escalation. The identification of this vulnerability is CVE-2025-40259. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-40258 | Linux Kernel up to 6.6.117/6.12.59/6.17.9 mptcp lib/refcount.c mptcp_schedule_work use after free (EUVD-2025-201199 / Nessus ID 277507)

Vuldb Updates
4 months ago
A vulnerability has been found in Linux Kernel up to 6.6.117/6.12.59/6.17.9 and classified as critical. Affected by this vulnerability is the function mptcp_schedule_work in the library lib/refcount.c of the component mptcp. Performing a manipulation results in use after free. This vulnerability was named CVE-2025-40258. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2025-40257 | Linux Kernel up to 6.6.117/6.12.59/6.17.9 mptcp_pm_del_add_timer use after free (EUVD-2025-201200 / Nessus ID 277516)

Vuldb Updates
4 months ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.117/6.12.59/6.17.9. The impacted element is the function mptcp_pm_del_add_timer. Executing a manipulation of the argument add_timer can lead to use after free. This vulnerability is registered as CVE-2025-40257. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2025-40256 | Linux Kernel up to 6.17.9 xfrm_state_delete_tunnel initialization (EUVD-2025-201201 / Nessus ID 277515)

Vuldb Updates
4 months ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.17.9. The impacted element is the function xfrm_state_delete_tunnel. The manipulation leads to improper initialization. This vulnerability is traded as CVE-2025-40256. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-2968 | Cesanta Mongoose up to 7.20 Poly1305 Authentication Tag /src/tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification (Nessus ID 299832)

Vuldb Updates
4 months ago
A vulnerability categorized as critical has been discovered in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. This vulnerability is cataloged as CVE-2026-2968. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-27017 | refraction-networking utls up to 1.8.0 a cryptographic primitive with a risky implementation (GHSA-7m29-f4hw-g2vx / Nessus ID 299829)

Vuldb Updates
4 months ago
A vulnerability was found in refraction-networking utls up to 1.8.0 and classified as problematic. The affected element is an unknown function. Such manipulation leads to use of a cryptographic primitive with a risky implementation. This vulnerability is listed as CVE-2026-27017. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CrowdStrike Analysis Paints Worsening Cybersecurity Picture

Security Boulevard
4 months ago

A report published by CrowdStrike today finds the average breakout time for a cyberattack in 2025 has been reduced to 29 minutes, representing a 65% year-over-year reduction. At the same time, CrowdStrike is also reporting there was a 42% increase in the number of zero-day vulnerabilities being exploited prior to public disclosure. Additionally, 82% of..

The post CrowdStrike Analysis Paints Worsening Cybersecurity Picture appeared first on Security Boulevard.

Michael Vizard

Why Claude Code Security Has Shaken the Cybersecurity Market

DataBreachToday.com
4 months ago
How Claude's New AI Code Scanning Tool Will Challenge Application Security Leaders
Anthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.

The Danger of IT, OT, Medical Device Cyber Turf Wars

DataBreachToday.com
4 months ago
What often appears to be turf wars between healthcare technology management, facilities OT staff, IT departments and security teams are often the result of unclear ownership and accountability for device security. And that presents safety risks to patients, says Mohammed Waqas, CTO of Armis.

Managed ad