792 matches found
CVE-2025-1272
In Fedora Linux, kernel versions 6.12 and above have the Linux kernel lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such as kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned...
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations
Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. Th...
CVE-2025-12952
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
CVE-2025-12952
CVE-2025-12952 describes a privilege-escalation in Google Cloud Dialogflow CX. Investigations across multiple sources indicate that agents with Webhook editor permission could misuse Dialogflow service agent access token authentication to escalate from agent-level to project-level, enabling acces...
CVE-2025-12952 Privilege Escalation in Dialogflow CX via Webhook Admin Role
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
PT-2025-50307
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
PT-2025-92: Local Privilege Escalation in IDrive
The vulnerability was identified in IDrive, version 4.0.0.38. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 02.09.2025. Recommendations: Update to version MacVersion...
Pixel Watch Security Bulletin—February 2025
The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google Devices). For Google devices, security patch levels of 2025-02-01 or later address all issues in this bulletin and all issues in the February 2025 Android Security Bulletin and all...
CVE-2025-20992
Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.
Summary: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF001 and 24.0.0-IF004. Vulnerability Details: CVEID: CVE-2024-10963. DESCRIPTION: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostname...
CVE-2025-0159
creationtimestamp | type | source
---|---|---
2025-02-28 19:20:38+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114083131418296123
2025-02-28 19:26:58+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/5955
2025-02-28 20:08:31+00:00 | seen | ...
CVE-2024-8425
creationtimestamp | type | source
---|---|---
2025-02-28 09:27:33+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/5860
2025-02-28 11:10:24+00:00 | seen | https://t.me/cvedetector/19135
2025-02-28 11:48:48+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114081354392866059
2025-04-...
CVE-2025-27531
creationtimestamp | type | source
---|---|---
2025-02-28 04:24:45+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3lj7kruepf32q
2025-06-06 15:39:45+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114637169259974567
...
CVE-2025-1682
creationtimestamp | type | source
---|---|---
2025-02-28 00:25:55+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/5825
2025-02-28 01:48:41+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114078994918555296
2025-02-28 03:38:46+00:00 | seen | https://t.me/cvedetector/19105
2025-03-...
CVE-2024-38514
creationtimestamp | type | source
---|---|---
2025-02-27 21:02:06+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lj6s25smgr2t
2025-03-09 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2025-03-09
2025-03-29 00:00:00+00:00 | exploited | The...
CVE-2025-21799
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns. When getting the IRQ we use k3_udma_glue_tx_get_irq which returns negative error value on error. So not NULL check is not sufficient to determine if IRQ is...
CVE-2025-21814
In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set. The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c,...
CVE-2024-58034
In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code. As of_find_node_by_name releases the reference of the argument device node, tegra_emc_find_node_by_ram_code releases some device nodes while still in use,...
CVE-2025-21800
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset. When bit offset for HWS_SET32 macro is negative, UBSAN complains about the shift-out-of-bounds: UBSAN: shift-out-of-bounds in...