Aggregator

A vulnerability has been found in Samsung Galaxy Watch and classified as critical. This vulnerability affects unknown code of the component SemSensorService. The manipulation leads to improper access controls. This vulnerability was named CVE-2025-21011. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as critical, was found in Samsung SamsungAccount. This affects an unknown part. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2025-21010. Local access is required to approach this attack. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Samsung Devices. Affected by this issue is some unknown functionality of the component System Device Node. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-20990. An attack has to be approached locally. There is no exploit available.

A vulnerability classified as problematic was found in Concrete CMS up to 8.5.20/9.4.2 on Concrete. Affected by this vulnerability is an unknown functionality of the component Conversation Messages Dashboard. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-8571. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Huawei HarmonyOS and EMUI. Affected is an unknown function of the component Partition Module. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2025-54631. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS 4.3.0/5.0.1. It has been rated as critical. This issue affects some unknown processing of the component DFA Module. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-54630. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS and EMUI. It has been declared as problematic. This vulnerability affects unknown code of the component Communication Module. The manipulation leads to range error. This vulnerability was named CVE-2025-54628. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS 5.0.1/5.1.0. It has been classified as critical. This affects an unknown part of the component Skia Module. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-54627. It is possible to initiate the attack remotely. There is no exploit available.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational Directive (BOD) 22-01: […]

美国网络安全机构CISA将D-Link摄像头和网络视频录像机的三个漏洞加入已知被利用漏洞目录。这些漏洞允许攻击者获取管理员密码或注入命令控制设备。联邦机构需在2025年8月前修复以防止攻击。

NYT хочет видеть, о чём ты говорил с ИИ — OpenAI в панике.

文章描述了curl工具在处理HTTP方法和重定向时的一个历史问题及其解决方案。早期版本中使用-X选项会改变所有请求的HTTP方法，导致潜在问题。为了解决这一问题，在curl 8.16.0中引入了新的--follow选项，允许正确调整后续请求的方法以响应服务器返回的状态码。这一功能特别适用于非传统HTTP方法（如PATCH和即将推出的QUERY）的重定向处理。

A vulnerability was found in Huawei HarmonyOS 5.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component Cjwindow Module. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-54626. The attack needs to be approached locally. There is no exploit available.

A vulnerability has been found in Huawei HarmonyOS 5.0.1/5.1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Multimodalinput Module. The manipulation leads to permission issues. This vulnerability is known as CVE-2025-54624. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Huawei HarmonyOS 5.0.1/5.1.0. Affected is an unknown function of the component Audio Codec Module. The manipulation leads to improper validation of array index. This vulnerability is traded as CVE-2025-54650. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Huawei HarmonyOS and EMUI. This issue affects some unknown processing of the component BLE Module. The manipulation leads to improper handling of length parameter inconsistency. The identification of this vulnerability is CVE-2025-54646. Local access is required to approach this attack. There is no exploit available.

A vulnerability classified as critical was found in Huawei HarmonyOS 5.0.1/5.1.0. This vulnerability affects unknown code of the component Location Service Module. The manipulation leads to improper validation of array index. This vulnerability was named CVE-2025-54645. The attack can be initiated remotely. There is no exploit available.

Google addressed multiple Android flaws, including two Qualcomm vulnerabilities that were actively exploited in the wild. Google released security updates to address multiple Android vulnerabilities, including two Qualcomm flaws, tracked as CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), that were actively exploited in the wild. In June, Google Android Security team reported three […]

Google修复了高通的两个被积极利用的漏洞（CVE-2025-21479和CVE-2025-27038），影响GPU驱动。同时修复了其他安全问题，包括一个严重漏洞（CVE-2025-48530），允许远程代码执行。建议用户尽快安装更新。

A vulnerability classified as critical has been found in Huawei HarmonyOS 5.0.1/5.0.2. This affects an unknown part of the component Virtualization File Module. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-54653. The attack needs to be approached locally. There is no exploit available.