Aggregator

A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. It has been classified as critical. Affected is the function sof_ipc_msg_data. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-21847. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in RuoYi 4.8.0 and classified as critical. Affected by this issue is the function editSave of the component Setting Handler. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2025-28403. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in RuoYi 4.8.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument jobId leads to privilege escalation. The identification of this vulnerability is CVE-2025-28402. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in RuoYi 4.8.0. Affected is the function changeStatus. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-28405. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in CS2-WeaponPaints-WebSite 2.1.7 and classified as problematic. This vulnerability affects unknown code of the file errorpage.php. The manipulation of the argument errorcode leads to cross site scripting. This vulnerability was named CVE-2025-29594. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in NAKIVO Backup & Replication Director up to 11.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Director NBR Component. The manipulation leads to xml external entity reference. This vulnerability is handled as CVE-2025-32406. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple Safari 10.5. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2009-0123. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Berkeley Boinc Client 6.4.5 and classified as problematic. This issue affects the function RSA_public_decrypt in the library lib/crypt.cpp. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2009-0126. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Perl-openssl libcrypt-openssl-dsa-perl. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2009-0129. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Amarok 1.4.10/2.0/2.0.1. It has been classified as very critical. This affects the function Audible::Tag::readTag. The manipulation leads to numeric error. This vulnerability is uniquely identified as CVE-2009-0136. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

It’s the first public break in the case that might be the largest breach of American schoolchildren's data.

The post Massachusetts man will plead guilty in PowerSchool hack case appeared first on CyberScoop.

A vulnerability was found in Freewebscriptz Freelancers 1.0. It has been classified as problematic. This affects an unknown part of the file placebid.php. The manipulation of the argument jobid leads to cross site scripting. This vulnerability is uniquely identified as CVE-2009-3593. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

这个话题比较有意思，因为我们这几年也做了自己的研发安全平台，其初衷主要有以下几点： 1、业务驱动：各种安全扫描工具比较多，产线使用起来很麻烦，做了平台之后安全扫描工具的扫描结果可以都发到平台上，统一处理和管理； 2、效能提升：研发安全团队的各类工具，比如安全测试报告生成工具都集成到平台，产品线就能生成报告；与其他系统打通，又可以提升效率； 3、成果展示：类似态势感知的大屏展示，可以把安全团队/个人／产品线的指标做实时的展示和分析，快速输出数据做汇报和对外展示。 这其实都是研发安全发展到一定阶段的必定产物，也许有人会说为什么不把这些数据放到devops平台、bug管理系统？其实也可，具体缘由不由分说。 更多内容，可以访问： 1、SDL 100问 SDL100问：我与SDL的故事 SAST误报太高，如何解决？ SDL需要哪些人参与？ 软件安全领域有哪些成熟度模型？ 如何在隔离环境中修复大量的Java漏洞？ SDL 62/100问：如何处理扫描出的三方组件开源协议风险？ 2、SDL创新实践 首发！“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键：研发安全团队 DevSecOps实施关键：研发安全流程 DevSecOps实施关键：研发安全规范 从安全视角，看研发安全 数字化转型下的研发安全痛点 一个思考：安全测试驱动产品安全？ 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、软件供应链安全 软件供应商面临的攻防实战风险 软件供应商实战对抗十大安全举措 软件供应商攻防常规战之SDL 软件供应链投毒事件应急响应 浅谈企业级供应链投毒应急安全能力建设 5、安全运营实践 基于实践的安全事件简述 安全事件运营SOP：钓鱼邮件 安全事件运营SOP：网络攻击 安全事件运营SOP：蜜罐告警 安全事件运营SOP：webshell事件 安全事件运营SOP：接收漏洞事件 应急能力提升：实战应急困境与突破 应急能力提升：挖矿权限维持攻击模拟 应急能力提升：内网横向移动攻击模拟 应急能力提升：实战应急响应经验

A vulnerability has been found in Nokaut Offers Box Plugin up to 1.4.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-10634. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Xpdf 4.04. This affects the function gfseek of the file goo/gfile.cc. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-41842. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Xpdf 4.04. This vulnerability affects the function convertToType0 of the file fofi/FoFiType1C.cc. The manipulation leads to denial of service. This vulnerability was named CVE-2022-41843. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Responsive Contact Form Builder & Lead Generation Plugin up to 1.9.7 on WordPress. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-10475. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Ampere Altra and AltraMax up to 2022-07-15 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information exposure through discrepancy. This vulnerability is known as CVE-2022-35888. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability was found in wolfSSL up to 5.5.0. It has been classified as critical. This affects an unknown part of the component TLS 1.3 Handshake Handler. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2022-39173. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Xpdf 4.04. This issue affects the function XRef::fetch of the file xpdf/XRef.cc. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-41844. The attack may be initiated remotely. There is no exploit available.