Aggregator

CVE-2025-9760 | Portabilis i-Educar up to 2.10 Matricula API /module/Api/matricula improper authorization

Vuldb Updates
3 weeks 5 days ago
A vulnerability was found in Portabilis i-Educar up to 2.10 and classified as critical. This affects an unknown part of the file /module/Api/matricula of the component Matricula API. Executing manipulation can lead to improper authorization. This vulnerability is registered as CVE-2025-9760. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

PureHVNC RAT Developers Leverage GitHub Host Source Code

Cyber Security News
3 weeks 5 days ago

The PureHVNC remote administration tool (RAT) has emerged as a sophisticated component of the Pure malware family, gaining prominence in mid-2025 amid an uptick in targeted intrusion campaigns. Originating from underground forums and Telegram channels, PureHVNC is marketed by its author, known as PureCoder, alongside companion tools such as PureCrypter, PureLogs, and PureMiner. Its adoption […]

The post PureHVNC RAT Developers Leverage GitHub Host Source Code appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2024-40974 | Linux Kernel up to 6.9.6 on LLVM plpar_hcall array index (Nessus ID 207802)

Vuldb Updates
3 weeks 5 days ago
A vulnerability has been found in Linux Kernel up to 6.9.6 on LLVM and classified as problematic. The impacted element is the function plpar_hcall. This manipulation causes improper validation of array index. This vulnerability is tracked as CVE-2024-40974. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2024-40979 | Linux Kernel up to 6.9.6 ath12k_qmi_msg_mem_request_cb allocation of resources (bb50a4e711ff/303c017821d8)

Vuldb Updates
3 weeks 5 days ago
A vulnerability described as critical has been identified in Linux Kernel up to 6.9.6. Affected by this vulnerability is the function ath12k_qmi_msg_mem_request_cb. Such manipulation leads to allocation of resources. This vulnerability is traded as CVE-2024-40979. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2024-40993 | Linux Kernel up to 6.1.95/6.6.35/6.9.6/6.10-rc3/6.10-rc4 ipset rcu_dereference_protected null pointer dereference (Nessus ID 213470)

Vuldb Updates
3 weeks 5 days ago
A vulnerability was found in Linux Kernel up to 6.1.95/6.6.35/6.9.6/6.10-rc3/6.10-rc4. It has been rated as critical. This impacts the function rcu_dereference_protected of the component ipset. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2024-40993. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2024-40978 | Linux Kernel up to 6.9.6 qedi_dbg_do_not_recover_cmd_read stack-based overflow (Nessus ID 207802)

Vuldb Updates
3 weeks 5 days ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.9.6. The impacted element is the function qedi_dbg_do_not_recover_cmd_read. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2024-40978. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2024-40940 | Linux Kernel up to 6.1.94/6.6.34/6.9.5 mlx5_lag_create_port_sel_table double free (Nessus ID 209512)

Vuldb Updates
3 weeks 5 days ago
A vulnerability was found in Linux Kernel up to 6.1.94/6.6.34/6.9.5. It has been classified as problematic. Impacted is the function mlx5_lag_create_port_sel_table. Performing manipulation results in double free. This vulnerability was named CVE-2024-40940. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2024-40943 | Linux Kernel up to 6.9.5 ocfs2_remove_extent allocation of resources (Nessus ID 207802)

Vuldb Updates
3 weeks 5 days ago
A vulnerability was found in Linux Kernel up to 6.9.5. It has been rated as problematic. The impacted element is the function ocfs2_remove_extent. The manipulation leads to allocation of resources. This vulnerability is referenced as CVE-2024-40943. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-1087 | Kong Insomnia Desktop Application up to 11.0.2 Template cross site scripting (EUVD-2025-14165)

Vuldb Updates
3 weeks 5 days ago
A vulnerability classified as problematic has been found in Kong Insomnia Desktop Application up to 11.0.2. This affects an unknown function of the component Template Handler. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-1087. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-40953 | Linux Kernel up to 6.1.95/6.6.35/6.9.6 kvm_vcpu_on_spin out-of-bounds (Nessus ID 210654)

Vuldb Updates
3 weeks 5 days ago
A vulnerability labeled as problematic has been found in Linux Kernel up to 6.1.95/6.6.35/6.9.6. Impacted is the function kvm_vcpu_on_spin. Such manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-40953. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2024-40968 | Linux Kernel up to 6.9.6 Octeon denial of service (Nessus ID 207802)

Vuldb Updates
3 weeks 5 days ago
A vulnerability was found in Linux Kernel up to 6.9.6. It has been declared as critical. Impacted is an unknown function of the component Octeon. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2024-40968. The attack must be carried out from within the local network. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-40942 | Linux Kernel up to 6.9.5 mesh_path_flush_pending information disclosure (Nessus ID 207802)

Vuldb Updates
3 weeks 5 days ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.9.5. Affected by this issue is the function mesh_path_flush_pending. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-40942. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

Many networking devices are still vulnerable to pixie dust attack

Help Net Security
3 weeks 5 days ago

Despite having been discovered and reported in 2014, the vulnerability that allows pixie dust attacks still impacts consumer and SOHO networking equipment around the world, NetRise researchers have confirmed. WPS and the pixie dust attack Wi-Fi Protected Setup (WPS) allows users to connect to their network by using an eight-digit pin instead of a password. “[A pixie dust attack] targets weaknesses in the Wi-Fi Protected Setup protocol, exploiting poor entropy in key generation,” the company … More →

The post Many networking devices are still vulnerable to pixie dust attack appeared first on Help Net Security.

Zeljka Zorz

CVE-2025-55904 | Open5GS up to 2.7.5 lib/sbi/message.c parse_multipart null pointer dereference (ID 3942 / EUVD-2025-29720)

Vuldb Updates
3 weeks 5 days ago
A vulnerability has been found in Open5GS up to 2.7.5 and classified as problematic. This impacts the function parse_multipart in the library lib/sbi/message.c. Performing manipulation results in null pointer dereference. This vulnerability was named CVE-2025-55904. The attack needs to be approached within the local network. There is no available exploit. It is recommended to apply a patch to fix this issue.
vuldb.com

Windows Screenshot Utility Greenshot Vulnerability Enable Malicious code execution – PoC Released

Cyber Security News
3 weeks 5 days ago

A critical security flaw has been discovered in Greenshot, a popular open-source screenshot utility for Windows. The vulnerability allows a local attacker to execute arbitrary code within the Greenshot process, potentially enabling them to bypass security measures and carry out further attacks. A proof-of-concept (PoC) exploit has been released, demonstrating the severity of the issue. […]

The post Windows Screenshot Utility Greenshot Vulnerability Enable Malicious code execution – PoC Released appeared first on Cyber Security News.

Guru Baran

DEF CON 33: Andra Lezza On Being A DC Speake

Security Boulevard
3 weeks 5 days ago

Creators, Authors and Presenters: Helvetigoth interviews Andra Lezza

Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 33: Andra Lezza On Being A DC Speake appeared first on Security Boulevard.

Marc Handelman

Managed ad