Aggregator

漏洞来源一个满评分的沙箱逃逸漏洞漏洞描述SandboxJS 是一个 JavaScript 沙箱库。0.8.26 之前的版本存在沙箱逃逸漏洞，原因是 `AsyncFunction` 没有被隔离到 `SandboxFunction` 中。该库尝试通过将全局 `Function` 构造函数替换为安全的沙箱版本 `SandboxFunction` 来隔离代码执行。这在 `utils.ts` 中通过一个用于

A vulnerability identified as problematic has been detected in CleanTalk Spam protection, Anti-Spam, FireWall Plugin up to 6.71 on WordPress. Affected is the function checkWithoutToken of the component Plugin Installation Handler. The manipulation leads to authorization bypass. This vulnerability is listed as CVE-2026-1490. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as critical has been found in Ecwid by Lightspeed Ecommerce Shopping Cart Plugin up to 7.0.7 on WordPress. Affected by this vulnerability is the function save_custom_user_profile_fields. The manipulation of the argument ec_store_admin_access results in improper privilege management. This vulnerability is cataloged as CVE-2026-1750. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as critical has been reported in Element Pack Addons for Elementor Plugin up to 8.3.17 on WordPress. Affected by this issue is the function render_svg of the component SVG Widget. This manipulation causes path traversal. This vulnerability is registered as CVE-2026-1793. Remote exploitation of the attack is possible. No exploit is available.

SmarterMail + Storm-2603 = рецепт кибернетического судного дня для корпораций.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.17.7. Impacted is the function __perf_event_overflow. The manipulation leads to uncontrolled recursion. This vulnerability is traded as CVE-2025-40327. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.12.57/6.17.7. Affected by this vulnerability is the function svm_range_restore_pages of the component amdkfd. Performing a manipulation results in denial of service. This vulnerability is reported as CVE-2025-40332. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.116/6.12.57/6.17.7. It has been declared as critical. Affected by this vulnerability is the function local_irq_disable of the component sched. Such manipulation leads to deadlock. This vulnerability is listed as CVE-2025-40329. The attack must be carried out from within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.15.196/6.1.158/6.6.116/6.12.57/6.17.7. Affected by this issue is the function __cdnsp_gadget_init of the component cdns3. Executing a manipulation can lead to improper initialization. This vulnerability is registered as CVE-2025-40314. The attack requires access to the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.116/6.12.57/6.17.7. This affects the function bind of the component mediatek. The manipulation leads to use after free. This vulnerability is documented as CVE-2025-40316. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.116/6.12.57/6.17.7. It has been classified as critical. This issue affects the function dma_alloc_coherent. The manipulation leads to allocation of resources. This vulnerability is referenced as CVE-2025-40311. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.6.116/6.12.57/6.17.7 and classified as critical. This vulnerability affects the function amdgpu_amdkfd_device_fini_sw. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2025-40310. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

Самый короткий код, способный превратить химический суп в живую материю.

【热点研判】美台签署对等贸易协定，警惕我经贸版图面临新挑战（资料编码260214545，11页，4231字）

本文约3756字，预计阅读时间11分钟。在情报调查中，确认一个人的真实身份往往是关键一环。

Миллионы на счетах, кураторы в СИЗО и налоговая, которая просит взаймы.

PentestAgent, an open-source AI agent framework from researcher Masic (GH05TCREW), has introduced enhanced capabilities, including prebuilt attack playbooks and seamless HexStrike integration. Released on GitHub by GH05TCREW, this tool leverages large language models (LLMs) like Claude Sonnet or GPT-5 via LiteLLM to conduct sophisticated black-box security assessments. PentestAgent operates through a terminal user interface (TUI), […]

The post PentestAgent – AI Penetration Testing Tool With Prebuilt Attack Playbooks and HexStrike Integration appeared first on Cyber Security News.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.13.10/6.14.1. This vulnerability affects the function usb_dev of the component gpib. Such manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-22051. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.13.10/6.14.1 and classified as critical. This issue affects the function ni_usb of the component gpib. Performing a manipulation results in null pointer dereference. This vulnerability was named CVE-2025-22052. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in Linux Kernel up to 6.6.86/6.12.22/6.13.10/6.14.1 and classified as problematic. This impacts the function veth_pool_store of the component ibmveth. The manipulation leads to state issue. This vulnerability is referenced as CVE-2025-22053. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.