Aggregator
VuwCTF 2025
29 minutes 47 seconds ago
Name: VuwCTF 2025 (a VuwCTF event.)
Date: Dec. 5, 2025, 9 p.m. to 07 Dec. 2025, 04:00 UTC
Format: Jeopardy
On-line
Official URL: https://2025.vuwctf.com/
Rating weight: 0
Event organizers: VuwCTF
The original domain has changed and will be fully retired in 2024; please visit https://govuln.com/news/ for the new RSS feed
29 minutes 52 seconds ago
CVE-2025-21075
1 hour 14 minutes ago
Currently trending CVE - Hype Score: 7 - Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVE-2025-33183
1 hour 14 minutes ago
Currently trending CVE - Hype Score: 7 - NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data ...
CVE-2025-66516
1 hour 14 minutes ago
Currently trending CVE - Hype Score: 16 - Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.
This CVE covers the same ...
CVE-2025-13032
1 hour 14 minutes ago
Currently trending CVE - Hype Score: 1 - Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on Windows allows a local attacker to escalate privileges via pool overflow.
CVE-2025-66478
1 hour 14 minutes ago
Currently trending CVE - Hype Score: 54 - Rejected reason: This CVE is a duplicate of CVE-2025-55182.
CVE-2025-55182
1 hour 14 minutes ago
Currently trending CVE - Hype Score: 83 - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code ...
CVE-2025-12762
1 hour 14 minutes ago
Currently trending CVE - Hype Score: 19 - pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting ...
CVE-2025-9242
1 hour 14 minutes ago
Currently trending CVE - Hype Score: 12 - An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway ...
CVE-2025-43300
1 hour 14 minutes ago
Currently trending CVE - Hype Score: 7 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have ...
CVE-2025-21836
1 hour 14 minutes ago
Currently trending CVE - Hype Score: 12 - In the Linux kernel, the following vulnerability has been resolved:
io_uring/kbuf: reallocate buf lists on upgrade
IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it
was created for legacy selected buffer and has been emptied. It violates
the requirement ...
CyKor CTF 2025
3 hours 31 minutes ago
Name: CyKor CTF 2025 (a CyKor CTF event.)
Date: Dec. 6, 2025, 1 a.m. to 07 Dec. 2025, 01:00 UTC
Format: Jeopardy
On-line
Official URL: https://ctf.cykor.kr/
Rating weight: 0
Event organizers: CyKOR
1 little secret of sqlsrv32.dll
5 hours 30 minutes ago
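The article explores how analyzing the loading process of `sqlsrv32.dll` reveals the `BidInterface` interface, and shows how a custom DLL can be loaded through a registry entry and path matching.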
CVE-2022-49757 | Linux Kernel up to 6.1.8 highbank_mc_probe memory leak (WID-SEC-2025-0649)
7 hours 13 minutes ago
A vulnerability classified as critical was found in Linux Kernel up to 6.1.8. This impacts the function highbank_mc_probe. The manipulation results in memory leak.
This vulnerability was named CVE-2022-49757. The attack needs to be approached within the local network. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
CVE-2022-49758 | Linux Kernel up to 5.15.90/6.1.8 uniphier-glue platform_get_resource null pointer dereference (WID-SEC-2025-0649)
7 hours 13 minutes ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.90/6.1.8. Affected by this vulnerability is the function platform_get_resource of the component uniphier-glue. Such manipulation leads to null pointer dereference.
This vulnerability is referenced as CVE-2022-49758. The attack needs to be initiated within the local network. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2022-49756 | Linux Kernel up to 6.1.8 sp_usb_phy_probe null pointer dereference (WID-SEC-2025-0649)
7 hours 13 minutes ago
A vulnerability described as critical has been identified in Linux Kernel up to 6.1.8. The impacted element is the function sp_usb_phy_probe. Executing manipulation can lead to null pointer dereference.
This vulnerability is handled as CVE-2022-49756. The attack can only be done within the local network. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2022-49754 | Linux Kernel up to 6.1.8 Bluetooth mgmt_util.c mgmt_mesh_add buffer overflow (WID-SEC-2025-0649)
7 hours 13 minutes ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.8. This impacts the function mgmt_mesh_add of the file net/bluetooth/mgmt_util.c of the component Bluetooth. Executing manipulation can lead to buffer overflow.
This vulnerability is registered as CVE-2022-49754. The attack requires access to the local network. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2022-49755 | Linux Kernel up to 6.1.8 f_fs ffs_ep0_queue_wait use after free (WID-SEC-2025-0649)
7 hours 13 minutes ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.8. The affected element is the function ffs_ep0_queue_wait of the component f_fs. The manipulation results in use after free.
This vulnerability was named CVE-2022-49755. The attack needs to be approached within the local network. There is no available exploit.
You should upgrade the affected component.
vuldb.com