Aggregator

A vulnerability has been found in Linux Kernel up to 6.1.82/6.6.22/6.7.10/6.8.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component ASoC. The manipulation leads to memory corruption. This vulnerability is known as CVE-2024-26927. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.9-rc4. Affected is the function nft_pipapo_remove of the component Netfilter. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-26924. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.10.210/5.15.149/6.1.79/6.6.18/6.7.6. Affected by this vulnerability is the function nvme_delete_ctrl of the component nvme-fc. The manipulation leads to double free. This vulnerability is known as CVE-2024-26846. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Enterprises lack visibility into their own data, creating security risks that are compounding as organizations and their employees increase AI adoption, according to Bedrock Security. The majority of organizations struggle to track sensitive information across sprawling cloud environments, leaving them vulnerable to data breaches and compliance failures. The research also documents a significant shift in security roles, with nine in 10 professionals surveyed reporting their responsibilities have evolved in the past year, most notably in … More →

The post 53% of security teams lack continuous and up-to-date visibility appeared first on Help Net Security.

Zonder innovatie geen gevechtskracht. Dat is de stellige overtuiging van staatssecretaris van Defensie Gijs Tuinman. Dus zwengelt hij de samenwerking met civiele bedrijven zoveel mogelijk aan. Dit om meer regionale ‘knooppunten’ te creëren. Hiervoor was hij vandaag in het Limburgse Geleen. Daar is de Brightlands Chemelot Campus gevestigd. Die biedt onderdak aan 130 innovatieve bedrijven.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A vulnerability has been found in IBM Storage Virtualize vSphere Remote Plug-in 1.0/1.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to exposure of sensitive information through environmental variables. This vulnerability was named CVE-2023-43029. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Alleged Data Sale of Ecocontrol Soc. Coop

微软正在为 Windows 11 开发一项新功能，该功能向用户解释硬件限制如何影响 PC 性能。在最新的开发者预览版本 build 26120.3576 和 22635.5090 中，设置>系统>关于下包含了一个隐藏的 FAQ 列表，它向用户解释了 GPU 显存、系统内存和操作系统版本的影响。该功能需要手动激活。它为内存较少或显存少于 4GB 的 GPU 等硬件配置提供了具体建议，并标记了过时的 Windows 版本。

Vanaf schepen houdt de zeemacht gevaren in de lucht in de gaten. Daarom patrouilleert het NAVO-vlootverband SNMG1 momenteel tussen IJsland en Groenland. Dit operatiegebied is strategisch belangrijk voor het bondgenootschap.

A vulnerability, which was classified as critical, was found in kuadrant 0.11.3. This affects an unknown part. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2024-53349. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in LoxiLB up to 0.9.7. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-53348. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Envoy up to 1.30.9/1.31.5/1.32.3/1.33.0. Affected by this vulnerability is an unknown functionality of the component Websocket Handshake Handler. The manipulation leads to improper cleanup on thrown exception. This vulnerability is known as CVE-2025-30157. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in parse-server up to 7.5.1/8.0.1. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-30168. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AWS Cloud Development Kit Command Line Interface up to 2.178.1. It has been rated as problematic. This issue affects some unknown processing of the component Credential Plugin. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. The identification of this vulnerability is CVE-2025-2598. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tenable Nessus Agent up to 10.8.2 on Windows. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to incorrect default permissions. This vulnerability was named CVE-2025-24915. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LibreOffice up to 7.0.4/7.1.0. It has been classified as critical. This affects an unknown part of the component ODF Document Handler. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2021-25635. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

The U.S. Department of Treasury announced today that it has removed sanctions against the Tornado Cash cryptocurrency mixer, which North Korean Lazarus hackers used to launder hundreds of millions stolen in multiple crypto heists. [...]

A vulnerability was found in vercel Next.js up to 14.2.24/15.2.2 and classified as critical. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument x-middleware-subrequest leads to improper authorization. This vulnerability is handled as CVE-2025-29927. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in youki up to 0.5.2 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect default permissions. This vulnerability is known as CVE-2025-27612. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.