Aggregator

CVE-2025-22157: Privilege Escalation Vulnerability in Jira Core Data Center

Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)

gogs 0.13.0 - Remote Code Execution (RCE)

Microsoft SharePoint 2019 - NTLM Authentication

Moodle 4.4.0 - Authenticated Remote Code Execution

Microsoft SharePoint 2019存在NTLM认证漏洞，允许低权限或暴力破解的域账户访问敏感API端点，导致元数据泄露、凭证枚举及API滥用风险。该漏洞被评定为高危-关键级别。

文章描述了针对Gogs 0.13.0及以下版本的远程代码执行漏洞（CVE-2024-39930），展示了如何通过创建仓库、添加SSH密钥并利用git-upload-pack命令注入恶意代码来实现远程控制。该漏洞允许攻击者在目标服务器上执行任意命令。

文章描述了Moodle多个版本中存在的远程代码执行漏洞（CVE-2024-43425），通过构造特定请求利用测验功能实现代码执行。

Wing FTP Server 7.4.3及以下版本存在未认证远程代码执行漏洞（CVE-2025-47812），攻击者可通过注入NULL字节和Lua代码到用户名参数中，在访问特定功能时触发代码执行，获得服务器高权限（Linux为root，Windows为SYSTEM）。

作者分享了门铃灯泡除了照明外还能防止冷凝水的经验。

助力企业精准施策，加速数字化建设落地。

A vulnerability was found in Linux Kernel up to 6.12.18/6.13.6. It has been classified as critical. Affected is an unknown function of the component mctp i3c. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-21903. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.19/6.13.7 and classified as critical. This issue affects some unknown processing of the component AMD GPU. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-21990. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.20/6.13.8 and classified as critical. Affected by this issue is some unknown functionality of the component Efivars Service. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-21998. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.84/6.12.20/6.13.8 and classified as problematic. This vulnerability affects the function strscpy of the component ucan. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-22003. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.18/6.13.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to deadlock. This vulnerability is known as CVE-2025-21911. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.20/6.13.8. Affected is an unknown function of the component huge_memory. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-22000. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.84/6.12.20/6.13.8 and classified as critical. This vulnerability affects the function kobject_get. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-22009. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.20/6.13.8. Affected is the function invalidate_cache of the component netfs. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-22002. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.19/6.13.7. This affects the function dce60_tg_funcs of the component AMD Display. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-21989. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.