Aggregator

A vulnerability, which was classified as problematic, was found in zephyrproject-rtos Zephyr up to 4.1.0. Affected by this vulnerability is an unknown functionality of the component BLE Connection Response Handler. The manipulation results in security check for standard. This vulnerability is cataloged as CVE-2025-10457. The attack must originate from the local network. There is no exploit available.

A vulnerability has been found in zephyrproject-rtos Zephyr up to 4.1.0 and classified as critical. Affected by this issue is some unknown functionality. This manipulation causes improper handling of length parameter inconsistency. This vulnerability is registered as CVE-2025-10458. The attack requires access to the local network. No exploit is available.

A vulnerability was found in zephyrproject-rtos Zephyr up to 4.1.0. It has been declared as problematic. This issue affects some unknown processing of the component Bluetooth Low Energy Handler. Executing manipulation can lead to integer overflow. This vulnerability appears as CVE-2025-10456. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability was found in zephyrproject-rtos Zephyr up to 4.1 and classified as critical. This affects the function bt_conn_tx_processor. Such manipulation leads to write-what-where condition. This vulnerability is documented as CVE-2025-7403. The attack requires being on the local network. There is not any exploit available.

A vulnerability classified as problematic was found in Pegasystems Pega Infinity up to 24.2.2. This affects an unknown function of the component User Interface. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-8681. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in HCL BigFix Service Management 23. Impacted is an unknown function. This manipulation causes missing encryption of sensitive data. The identification of this vulnerability is CVE-2025-31977. It is possible to initiate the attack remotely. There is no exploit available.

Alleged Data Sale of Alles-fuer-Selbermacher

Exploitation of CVE-2025-59287 began after public disclosure and the release of proof-of-concept code

A vulnerability was found in Palo Alto Networks PAN-OS. It has been classified as critical. The impacted element is an unknown function of the component Management Web Interface. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-9474. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.

A vulnerability has been found in M-Files Mobile up to 25.5.x on Android/iOS and classified as problematic. This impacts an unknown function of the component PDF File Handler. Performing manipulation results in open redirect. This vulnerability is identified as CVE-2025-2091. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability categorized as critical has been discovered in code-projects Client Details System 1.0. This affects an unknown function of the file /clientdetails/admin/index.php. Executing manipulation of the argument Username can lead to sql injection. This vulnerability is tracked as CVE-2025-6446. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Linux Kernel up to 6.12.17/6.13.5. It has been declared as critical. Affected by this vulnerability is the function IB_WC_WR_FLUSH_ERR of the component mlx5. Such manipulation leads to race condition. This vulnerability is traded as CVE-2025-21892. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

Prosecutors accuse Tony Christopher Long of animal crushing, sexual exploitation of a minor, cyberstalking and extortion.

The post Alleged 764 member faces up to 69 years in prison for string of suspected violent crimes appeared first on CyberScoop.

Ukrainian government organizations continue facing relentless cyber threats from Russian-backed threat actors employing sophisticated evasion techniques to maintain persistent network access. Recent investigations have uncovered coordinated campaigns targeting critical infrastructure and government entities, with attackers deploying advanced tactics that circumvent traditional security defenses. These operations represent a significant escalation in targeting strategies, focusing on credential […]

The post Russian Hackers Attacking Government Entity Using Stealthy Living-Off-the-Land Tactics appeared first on Cyber Security News.

Whiteintel Corporate Alerts

A vulnerability, which was classified as problematic, has been found in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/regester.php. This manipulation of the argument fname/lname/email/contact causes cross site scripting. This vulnerability is registered as CVE-2023-7143. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Linux Kernel up to 6.13.5 and classified as problematic. Affected by this issue is some unknown functionality of the component mlx5. Such manipulation leads to memory leak. This vulnerability is documented as CVE-2025-21882. The attack requires being on the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.17/6.13.5. It has been classified as critical. Affected is the function destroy_unused_implicit_child_mr of the component mlx5. This manipulation causes improper update of reference count. This vulnerability appears as CVE-2025-21886. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Linux Kernel up to 6.13.5. The impacted element is an unknown function of the component Socket Lifetime Handler. Performing manipulation results in improper update of reference count. This vulnerability is identified as CVE-2025-21884. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.