Aggregator

卷王新姿势，重大在安全副本开AI外挂！

引领安全智能体发展

A vulnerability was found in Linux Kernel up to 6.12.33/6.15.2. It has been declared as critical. This vulnerability affects the function usb_acpi_add_usb4_devlink of the component acpi. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-38134. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.33/6.15.2. It has been classified as critical. This affects the function dm_get_live_table. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-38141. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.2 and classified as problematic. Affected by this issue is the function dm_revalidate_zones. The manipulation of the argument nr_zones leads to allocation of resources. This vulnerability is handled as CVE-2025-38140. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15.2 and classified as problematic. Affected by this vulnerability is the function netfs_retry_write_stream in the library lib/iov_iter.c. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-38139. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Сколько стоит предательство, если ты знаешь цену выкупа?

地球上的大部分水资源都是海水，由于盐分过高而无法饮用。海水淡化厂可将海水淡化处理成饮用水，然而该过程需要消耗大量能源。香港研究团队在《ACS Energy Letters》发表研究成果，其研发出一种具有长链微气囊结构的海绵结构材料，结合阳光照射与简易塑料罩，成功实现盐水资源向淡水的转化。一项户外原理验证实验成功在自然光照条件下产出可直接饮用的淡水，标志着实现低能耗可持续海水淡化技术的重大进展。在户外测试中，研究人员将这种材料置于盛有海水的蒸发容器中，上方覆盖弧形透明塑料罩。阳光加热海绵结构材料顶部时，仅会将水分蒸发为水蒸气（盐分会被阻隔）。蒸气在塑料罩内壁凝结为液态水，沿罩壁汇集至边缘，最终滴入蒸发容器下方的漏斗中，以另一容器盛放。经过 6 小时自然光照，该系统最终产出约 3 汤匙的饮用水。

Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update. [...]

A vulnerability was found in Azure AD Plugin up to 303.va_91ef20ee49f on Jenkins. It has been classified as problematic. Affected is an unknown function. The manipulation leads to session expiration. This vulnerability is traded as CVE-2023-24426. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Rack Gem on Ruby. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Content-Disposition Parser. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-44571. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Microsoft .NET 6.0. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-21538. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in XpressEngine XE3. It has been rated as critical. This issue affects some unknown processing of the component Image File Handler. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2021-26642. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in rancher wrangler and classified as problematic. This vulnerability affects unknown code of the component Git Credentials Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2022-43756. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in visualexpert Plugin up to 1.3 on Jenkins. It has been rated as critical. Affected by this issue is some unknown functionality of the component Controller File System Handler. The manipulation leads to permission issues. This vulnerability is handled as CVE-2023-24455. Access to the local network is required for this attack. There is no exploit available.

A vulnerability has been found in pyload up to 0.5.0b3.dev42 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper certificate validation. This vulnerability is known as CVE-2023-0509. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Rancher. This vulnerability affects unknown code of the component cattle-token Handler. The manipulation leads to insufficiently random values. This vulnerability was named CVE-2022-43755. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

13 岁少年成微软最年轻安全研究员

快来参与活动～京东59元包邮，欢迎下单！

看雪论坛作者ID：yirucandy