Aggregator

A vulnerability has been found in Linux Kernel up to 6.14.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component rtsx_usb_ms. The manipulation leads to use after free. This vulnerability is known as CVE-2025-22020. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.15/6.13.3/6.14-rc2. It has been classified as problematic. Affected is an unknown function of the file kernel/locking/mutex.c. The manipulation leads to uninitialized pointer. This vulnerability is traded as CVE-2025-21824. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.128/6.6.77/6.12.13/6.13.2. This affects the function cdns_uart_isr of the component xilinx_uartps. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2025-21820. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was suspected in Linux Kernel up to 6.1.128/6.6.77/6.12.13/6.13.2/6.14-rc1. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

国际研究团队首次确定了太阳以外的恒星周围开始形成行星的时刻，这是人类首次观察到行星系统形成的早期阶段，并为我们探索自身太阳系的起源提供全新视角。这颗诞生中的行星系统围绕着一颗名为 HOPS 315 的原恒星运转，HOPS 315 距离我们约 1,300 光年，与新生的太阳类似。在太阳系中，最早在地球目前绕太阳位置附近凝结的固体物质被发现藏在古老的陨石中。天文学家对这些原始岩石进行年代测定，以确定太阳系形成的起始时间。这些陨石富含一氧化硅(SiO) 的晶体矿物，可以在年轻行星盘的极高温度下凝结。随着时间的推移，这些新凝结的固体会结合在一起，随着它们的体积和质量的增加，为行星的形成播下了种子。太阳系中第一批几千米大小的行星，最终发展成像地球或木星核心这样的行星，正是在这些晶体矿物凝结后形成的。天文学家在新的发现中，找到了这些热矿物在 HOPS-315 周围的圆盘中开始凝结的证据。研究结果显示，SiO 以气态存在于这颗宝宝恒星周围，也存在于这些结晶矿物中，这表示它才刚开始凝固。研究人员表示这个过程从未在原行星盘，甚至在我们太阳系以外的任何地方出现过。

A vulnerability was found in Pro-face Pro-Server EX up to 1.23.000. It has been classified as problematic. This affects an unknown part of the file ProServr.exe of the component C Runtime. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2012-3795. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.128/6.6.77/6.12.13/6.13.2. Affected by this vulnerability is an unknown functionality of the file ptp_s390.c of the component ptp. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-21814. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. It has been rated as critical. Affected by this issue is the function ax25_setsockopt of the component ax25. The manipulation leads to deadlock. This vulnerability is handled as CVE-2025-21812. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

Как бесплатный фильм превращается в цифровую ловушку.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet FortiWeb flaw, tracked as CVE-2025-25257, to its Known Exploited Vulnerabilities (KEV) catalog. Hackers began exploiting the critical Fortinet FortiWeb flaw CVE-2025-25257 (CVSS score of 9.6) on the same day a proof-of-concept (PoC) exploit […]

A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component caller.id.phone.number.block. The manipulation leads to improper export of android application components. This vulnerability is traded as CVE-2025-7889. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1. It has been declared as problematic. Affected by this vulnerability is the function rxrpc_peer. The manipulation leads to insufficient verification of data authenticity. This vulnerability is known as CVE-2025-21809. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.12/6.13.1. Affected by this issue is the function kunit_kzalloc of the component firewire. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-21798. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.12/6.13.1. Affected by this vulnerability is the function rht_grow_above_75 of the component rhashtable. The manipulation leads to deadlock. This vulnerability is known as CVE-2024-58042. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

CloudSEK’s new report uncovers how Chinese cyber syndicates are laundering over $600 million annually in India. Learn about…

A vulnerability was found in Pro-face Pro-Server EX up to 1.23.000. It has been declared as problematic. This vulnerability affects unknown code of the file ProServr.exe of the component C Runtime. The manipulation leads to information disclosure. This vulnerability was named CVE-2012-3796. The attack can be initiated remotely. Furthermore, there is an exploit available.

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape KongTuke FileFix Leads to New Interlock RAT Variant   Code highlighting with Cursor AI for $500,000 Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader Threat Analysis: SquidLoader – Still Swimming Under the […]

A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage of the file classes/class.database.php. The manipulation of the argument user_id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7886. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. This vulnerability affects unknown code of the file template.inc.php. The manipulation of the argument path leads to cross site scripting. This vulnerability was named CVE-2025-7887. The attack can be initiated remotely. Furthermore, there is an exploit available.