Aggregator

A vulnerability has been found in Linux Kernel up to 6.16.8 and classified as critical. Affected by this vulnerability is the function __iommu_release_dma_ownership of the component s390. The manipulation leads to state issue. This vulnerability is documented as CVE-2025-39958. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.16.8. This impacts the function tcp_disconnect of the file net/ipv4/tcp_timer.c. Performing a manipulation results in denial of service. This vulnerability is cataloged as CVE-2025-39955. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.48/6.16.8. Affected is the function igc_probe of the file net/core/dev.c. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-2025-39956. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.153/6.6.107/6.12.48/6.16.8. It has been declared as critical. This vulnerability affects the function ieee80211_prep_hw_scan of the component wifi. Such manipulation leads to buffer overflow. This vulnerability is traded as CVE-2025-39957. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.52/6.17.2. This impacts the function usb9pfs_rx_header of the component USB 9pfs Transport Layer. Such manipulation leads to buffer overflow. This vulnerability is referenced as CVE-2025-40004. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.16.8. It has been classified as critical. This affects the function recalc_rate of the component clk. This manipulation causes divide by zero. This vulnerability appears as CVE-2025-39954. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.

Prince of Persia 组织最新攻击动向分析；研究人员发现疑似APT-Q-27组织针对金融机构发起多阶段攻击；APT-C-28 利用 MiradorShell 发起网络攻击的安全预警；Transparent Tribe组织瞄准印度初创企业传播Crimson RAT

On December 3, 2025 (local time), a vulnerability allowing unauthenticated remote code execution in React Server Components (RSC) (CVE-2025-55182) was disclosed. JPCERT/CC has received multiple incident reports related to this attack. Among them, there was a case in which this...

По его словам, WeChat стал лидером на рынке, а не «нацмессенджером» по приказу.

Wireshark 抓包用得多了，有没有试过拿来打日志？依靠内置的 lua 脚本（dissector）可以实现自定义的解码和展示，理论上什么结构化数据都可以往里面塞。 各位榜上大哥刷🍎赏金必然要分析的一类组件就是 XPC 通信。这是之前想到的一个脑洞，用 hook 抓 iOS/mac 的进程间通信然后转存到 Wireshark 里，还能保存成 pcap。 直接输出 XPC 消息的服务名，消息内容和调用堆栈。如果是 NSXPC 还可以直接打参数出来。 写得很烂有 bug 一直没办法用，于是雪藏了很久。刚才突发奇想塞给 llm，很快把 bug 修掉了… 代码在 github/ChiChou/XpcScope/releases/tag/v1.0.0

A vulnerability identified as problematic has been detected in Google Chrome. The affected element is an unknown function of the component File Input. This manipulation causes clickjacking. This vulnerability is handled as CVE-2026-2322. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in pjsip pjproject up to 2.16. Impacted is an unknown function of the component PJNATH ICE Session. Executing a manipulation can lead to buffer overflow. This vulnerability is tracked as CVE-2026-25994. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability labeled as problematic has been found in CIPPlanner CIPAce up to 9.16. This affects an unknown part of the component Authentication Component. The manipulation results in protection mechanism failure. This vulnerability is known as CVE-2024-50618. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in CIPPlanner CIPAce up to 9.16. This vulnerability affects unknown code. This manipulation causes unrestricted upload. This vulnerability is handled as CVE-2024-50620. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in Statping-ng 0.91.0. This issue affects some unknown processing of the component API. Performing a manipulation results in information disclosure. This vulnerability is reported as CVE-2024-26477. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic has been found in Statping-ng 0.91.0. The affected element is an unknown function of the file /api/users of the component Request Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-26478. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Statping-ng 0.91.0. The impacted element is an unknown function of the component Request Handler. The manipulation results in information disclosure. This vulnerability is known as CVE-2024-26479. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as problematic, has been found in Statping-ng 0.91.0. This affects an unknown function of the component Request Handler. This manipulation of the argument admin causes information disclosure. This vulnerability is handled as CVE-2024-26480. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in Google Chrome. The impacted element is an unknown function of the component Downloads. Such manipulation leads to clickjacking. This vulnerability is uniquely identified as CVE-2026-2323. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.