Aggregator

This week’s cyber threat landscape highlights a notable increase in zero-day exploit activity, sophisticated phishing campaigns, and the exploitation of […]

The post Weekly Threat Landscape Digest – Week 27 appeared first on HawkEye.

Роскомнадзор подвел итоги.

A vulnerability was found in Pressroom Theme up to 6.9 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-32311. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in SB Breadcrumbs Plugin up to 1.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-28978. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Simple Link Directory Plugin up to 14.7.3 on WordPress. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-32297. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in dsrodzin Email Address Security by WebEmailProtector Plugin up to 3.3.6 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-28976. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in CHMLib up to 2bef8d063ec7d88a8de6fd9f0513ea42ac0fa21f. It has been rated as problematic. Affected by this issue is the function _chm_decompress_block of the file chm_lib.c. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2025-48172. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in OP-TEE optee_os 4.5.0. This issue affects some unknown processing. The manipulation leads to handling of exceptional conditions. The identification of this vulnerability is CVE-2025-46733. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15.3. Affected by this issue is the function nfs4_state_start_net of the component nfsd. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-38231. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.94/6.12.34/6.15.3. Affected by this vulnerability is the function fb_add_videomode of the component fbdev. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-38215. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.94/6.12.34/6.15.3/6.16-rc1. Affected is the function netif_rx of the file net/ipv6/ip6_input.c. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-38192. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.34/6.15.3. It has been rated as critical. This issue affects the function e5010_probe of the component media. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2025-38228. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been classified as problematic. This affects an unknown part. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-38233. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.34/6.15.3. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to privilege escalation. This vulnerability was named CVE-2025-38223. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.94/6.12.34/6.15.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-38225. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.94/6.12.34/6.15.3/6.16-rc2 and classified as problematic. Affected by this vulnerability is the function fts_read of the component hwmon. The manipulation leads to race condition. This vulnerability is known as CVE-2025-38217. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.94/6.12.34/6.15.3. This issue affects the function ext4_dirty_journalled_data of the component ext4. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-38220. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.15.3. Affected is the function push_rt_task. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-38234. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.