Aggregator

A vulnerability marked as critical has been reported in Linux Kernel up to 5.10.180/5.15.112/6.1.29/6.3.3. This impacts the function b15_dma_inv_range of the component wifi. Performing manipulation results in memory corruption. This vulnerability is identified as CVE-2023-53315. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.149/6.6.103/6.12.44/6.16.4/6.17-rc3. This issue affects the function rose_rt_free of the component net. The manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2025-39827. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

Submit #650177 / VDB-324645

Submit #650169 / VDB-318606

Submit #650095 / VDB-282869

Apple has released critical security updates for older iPhone and iPad models, addressing a zero-day vulnerability that has reportedly been exploited in sophisticated targeted attacks. The iOS 16.7.12 and iPadOS 16.7.12 updates, released on September 15, 2025, patch a serious security flaw affecting legacy Apple devices. Active Exploitation Confirmed The vulnerability, tracked as CVE-2025-43300, represents […]

The post Apple Patches 0-Day Vulnerabilities in Older iPhones and iPads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #650030 / VDB-276502

Siren announced the launch of K9, an AI companion designed to transform the way investigators uncover threats and connections. K9 is fast, dependable and mission-focused, built to guard, protect, and serve those on the front lines of keeping communities and nations safe. “K9 is more than an AI companion, it’s a loyal partner,” said Jeferson Zanim, CPO at Siren. “We designed it to feel like a trusted colleague. Always ready, always reliable and focused on … More →

The post Siren’s K9 uses AI to turn complex investigations into actionable insights appeared first on Help Net Security.

A vulnerability marked as critical has been reported in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2025-10617. The attack may be initiated remotely. In addition, an exploit is available.

Submit #649980 / VDB-309959

Submit #649959 / VDB-196564

Submit #649963 / VDB-323842

Submit #649962 / VDB-323841

A vulnerability labeled as critical has been found in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. This vulnerability is reported as CVE-2025-10616. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in itsourcecode E-Commerce Website 1.0. This impacts an unknown function of the file /admin/products.php. The manipulation leads to unrestricted upload. This vulnerability is documented as CVE-2025-10615. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #649958 / VDB-324644

Submit #649948 / VDB-324644

A vulnerability categorized as problematic has been discovered in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0 on COVID. This affects an unknown function of the file /print_reports_prev.php. Executing manipulation of the argument profile_id can lead to cross site scripting. This vulnerability is registered as CVE-2025-10614. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in mmaitre314 picklescan up to 0.0.30. It has been rated as critical. The impacted element is an unknown function. Performing manipulation results in handling of exceptional conditions. This vulnerability is cataloged as CVE-2025-10156. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in itsourcecode Student Information System 1.0. It has been declared as critical. The affected element is an unknown function of the file /leveledit1.php. Such manipulation of the argument level_id leads to sql injection. This vulnerability is listed as CVE-2025-10613. The attack may be performed from remote. In addition, an exploit is available.