Aggregator

CVE-2025-21911 | Linux Kernel up to 6.12.18/6.13.6 deadlock (Nessus ID 241070)

Vuldb Updates
9 months 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.12.18/6.13.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to deadlock. This vulnerability is known as CVE-2025-21911. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-22009 | Linux Kernel up to 6.6.84/6.12.20/6.13.8 kobject_get null pointer dereference (Nessus ID 241070)

Vuldb Updates
9 months 4 weeks ago
A vulnerability has been found in Linux Kernel up to 6.6.84/6.12.20/6.13.8 and classified as critical. This vulnerability affects the function kobject_get. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-22009. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-11956 | Pimcore customer-data-framework up to 4.2.0 list filterDefinition/filter sql injection (GHSA-q53r-9hh9-w277 / EDB-52193)

Vuldb Updates
9 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. This vulnerability is handled as CVE-2024-11956. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-20200 | Cisco FXOS/UCS SNMP Service denial of service (cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO / EUVD-2023-24379)

Vuldb Updates
9 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in Cisco FXOS and UCS. This affects an unknown part of the component SNMP Service. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-20200. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-37099 | HPE Insight Remote Support processAttachmentDataStream path traversal (EUVD-2025-19668)

Vuldb Updates
9 months 4 weeks ago
A vulnerability was found in HPE Insight Remote Support. It has been classified as critical. This affects the function processAttachmentDataStream. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-37099. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

SDL 79/100问:如何塑造开发安全文化?

我的安全视界观
9 months 4 weeks ago
提到塑造文化,总是让人想到培训、考试、认证等,但除了这些呢?通过长期实践后,发现还可以结合具体的业务去做: 1、做集团级的研发安全风险晒榜:在公司内部或公司高管/各部门负责人范围内,按照部门进行安全风险晾晒,可以让业务线从上至下的重视起来; 2、通过重大安全保障活动扩大影响力:比如每年国家级的HW,业务方凡是出现了事故,你绝对会重视起来,次年估计都会主动找安全团队要帮忙。 总结一下,既要依靠常规的培训和考试、宣传等措施,又可以结合研发安全业务的一些指标、安全事件配合一起塑造研发安全的文化和氛围。 1、SDL 100问 SDL100问:我与SDL的故事 SAST误报太高,如何解决? SDL需要哪些人参与? 大家都有哪些SDL运营指标? 业务系统是否可以带漏洞上线? 日常的漏洞运营,也应该是SDL团队来做吗? SDL 78/100问:关于开发安全BP,对开展SDL有哪些帮助? 2、SDL创新实践 首发!“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键:研发安全团队 DevSecOps实施关键:研发安全流程 DevSecOps实施关键:研发安全规范 DevSecOps实施关键:研发安全工具 从安全视角,看研发安全 数字化转型下研发安全痛点 一个思考:安全测试驱动产品安全? 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、安全运营实践 基于实践的安全事件简述 安全事件运营SOP:钓鱼邮件 安全事件运营SOP:网络攻击 安全事件运营SOP:蜜罐告警 安全事件运营SOP:webshell事件 安全事件运营SOP:接收漏洞事件 应急能力提升:实战应急困境与突破 应急能力提升:挖矿权限维持攻击模拟

U.S. Target North Korean IT Worker Scams with Raids, Indictments

Security Boulevard
9 months 4 weeks ago

The DOJ announced a far-reaching operation that aimed to knock out a substantial number of North Korean IT worker scams that have victimized more than 100 U.S. companies that unwittingly hired North Korean operatives as remote workers, who then stole data and money to support the Pyongyang regime.

The post U.S. Target North Korean IT Worker Scams with Raids, Indictments appeared first on Security Boulevard.

Jeffrey Burt

CVE-2025-53100 | RestDB codehooks-mcp-server up to 0.2.1 os command injection (GHSA-fhq6-jf5q-qxvq / EUVD-2025-19660)

Vuldb Updates
9 months 4 weeks ago
A vulnerability was found in RestDB codehooks-mcp-server up to 0.2.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2025-53100. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-46259 | Plus Addons for Elementor Page Builder Plugin up to 6.1.0 on WordPress authorization (EUVD-2025-19674)

Vuldb Updates
9 months 4 weeks ago
A vulnerability was found in Plus Addons for Elementor Page Builder Plugin up to 6.1.0 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-46259. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-48379 | python-pillow Pillow up to 11.2.x heap-based overflow (EUVD-2025-19662)

Vuldb Updates
9 months 4 weeks ago
A vulnerability classified as critical has been found in python-pillow Pillow up to 11.2.x. This affects an unknown part. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-48379. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad