Aggregator

Submit #607818 / VDB-316096

A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It has been classified as critical. This affects the function ResetUserAvatar of the file controller/api/v1/user.go of the component API. The manipulation of the argument filename leads to path traversal. This vulnerability is uniquely identified as CVE-2025-7450. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.14.7. Affected is the function nfs_get_lock_context. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-38023. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.3-rc3. This affects the function slimpro_i2c_blkwr of the file drivers/i2c/busses/i2c-xgene-slimpro.c of the component i2c. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2023-2194. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.2.8 and classified as critical. Affected by this issue is the function cond_resched. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-53051. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects unknown code of the component Traffic Control Subsystem. The manipulation leads to denial of service. This vulnerability was named CVE-2022-4269. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Submit #607799 / VDB-316095

The Intelligence and Security Committee has warned of Iran’s “aggressive” and “extensive” cyber capabilities

AMD has issued a security bulletin, AMD-SB-7029, highlighting several transient scheduler attacks that exploit speculative execution timing in its processors, potentially leading to loss of confidentiality. These vulnerabilities stem from investigations into a Microsoft report on microarchitectural leaks, revealing side-channel attacks where attackers could infer sensitive data through execution timing under specific conditions. Rated at […]

The post AMD Warns of Transient Scheduler Attacks Impacting Broad Range of Chipsets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Метрики отправляются автоматически — без уведомлений и диалогов.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler ADC and Gateway, tracked as CVE-2025-5777, to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2025-5777 flaw, dubbed ‘CitrixBleed 2‘ (CVSS v4.0 Base Score […]

美国网络安全和基础设施安全局（CISA）将Citrix NetScaler ADC和Gateway的漏洞CVE-2025-5777（“CitrixBleed 2”）加入已知被利用漏洞目录。该漏洞CVSS评分9.3，允许未认证攻击者窃取会话cookie，影响多个版本的NetScaler设备。研究人员发现该漏洞与CVE-2023-4966类似，并已有针对该漏洞的攻击活动。CISA要求联邦机构于2025年7月11日前修复此漏洞。

文章讲述了Alice和Bob如何将密码学从数学公式转化为人类故事，并介绍了围绕他们的一系列角色（如Eve、Mallory、Trent、Peggy和Victor），每个角色代表不同的安全挑战与解决方案。通过戏剧化的叙事方式，这些人物帮助理解数字信任的复杂性，并强调了密码学不仅是技术，更是人类关系的体现。

意大利艾米利亚-罗马涅大区的计算机安全事件响应团队（CSIRT-RER）成立于2022年，旨在为公共机构提供网络安全支持。该团队通过安全评估、培训、威胁情报等服务提升机构的网络安全能力，并与国家及国际组织合作以增强整体防御能力。

The Rockerbox breach burst onto the threat-intelligence radar in early July 2025 when an unencrypted, 286.9 GB cloud repository holding 245,949 highly sensitive records was found openly indexed on the internet. Investigators traced the trove to Rockerbox, a Dallas-based tax-credit consultancy serving employers nationwide; the cache contained driver’s licenses, DD214 military discharge forms, payroll tax […]

The post Rockerbox Data Leak – 245,949 User Records Exposed Including SSNs and Driver’s Licenses appeared first on Cyber Security News.

A vulnerability classified as critical has been found in LabRedesCefetRJ WeGIA up to 3.4.0. Affected is an unknown function of the file /controle/relatorio_geracao.php. The manipulation of the argument almox leads to sql injection. This vulnerability is traded as CVE-2025-53527. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile_familiar.php. The manipulation of the argument id_dependente leads to cross site scripting. This vulnerability is handled as CVE-2025-53525. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.