CVE-2025-30126
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remote attacker can disable recording, delete recordings, or even disable battery protection to cause a flat battery to essentially disable the car from being...
PT-2025-31103 · Marbella · Marbella Kr8S Dashcam Ff
Name of the Vulnerable Software and Affected Versions: Marbella KR8s Dashcam FF version 2.0.8 Description: An issue exists on Marbella KR8s Dashcam FF 2.0.8 devices that allows a remote attacker to disable recording, delete recordings, or disable battery protection via port 7777 without requiring...
The vulnerability of the TLS protocol implementation in the Crowdstrike Falcon endpoint protection software allows an attacker to execute a “man-in-the-middle” attack.
The vulnerability of the TLS protocol implementation in the Crowdstrike Falcon endpoint protection software is related to the lack of trust chain tracking during certificate verification. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to insufficient protection of sensitive data, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the diagnostic logs of the Docker Desktop platform for developing and delivering container applications allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the diagnostic logs of the Docker Desktop platform for developing and delivering container applications is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of the CI/CD application integration and delivery system provided by JetBrains TeamCity, related to insufficient protection of registration data, allows attackers to disclose protected information.
The vulnerability of the Continuous Integration and Deployment application delivery system CI/CD of TeamCity in JetBrains is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
Arizona Woman Jailed for Helping North Korea in $17M IT Job Scam
Arizona woman jailed 8.5 years for aiding North Korea's $17 million IT job scam, defrauding over 300 US companies. Learn how to protect your business from such sophisticated cybersecurity threats...
SharpKatz
This is a port of the mimikatz tool, specifically the sekurlsa::logonpasswords, sekurlsa::ekeys, and lsadump::dcsync commands, to C# and .NET. The tool is called SharpKatz. The tool is designed to extract sensitive information from a Windows system, including: Logon passwords Kerberos encryption...
Exploit for Improper Input Validation in Samsung Samsung_Mobile
PoC exploit for CVE-2016-4038, a 0day vulnerability in System Management Mode code execution for Lenovo ThinkPad model line. The exploit targets the SystemSmmRuntimeRt UEFI driver GUID: 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E and allows arbitrary code execution in System Management Mode. The...
tpwn
tpwn cve-2015-???? poc os x 10.10.5 kernel local privilege escalation vulnerability got burned in 10.11 full writeup etason shout out @ unthreadedjb 4 hax Install NULLGuard to protect yourself against tpwn and other NULL Pointer Dereference bugs...
AZL-72944 CVE-2025-38460 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 "ATM: clip causes unregister hang". However, it is not enough because to_atmarpd() is called without RTNL, especially...
AZL-65819 CVE-2025-38460 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 "ATM: clip causes unregister hang". However, it is not enough because to_atmarpd() is called without RTNL, especially...
UBUNTU-CVE-2025-38460
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 "ATM: clip causes unregister hang". However, it is not enough because to_atmarpd() is called without RTNL, especially...
UBUNTU-CVE-2025-38451
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats(). The commit message of commit 6ec1f0239485 "md/md-bitmap: fix stats collection for external bitmaps" states: Remove the external bitmap check as the statistics should be available regardless...
CVE-2025-38461 vsock: Fix transport_* TOCTOU
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU. Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add a lockdep assert. BUG: unab...
CVE-2025-38460 atm: clip: Fix potential null-ptr-deref in to_atmarpd().
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 "ATM: clip causes unregister hang". However, it is not enough because to_atmarpd() is called without RTNL, especially...
CVE-2025-38460
The Astra Linux bulletin confirms CVE-2025-38460 in the Linux kernel: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). The vulnerability arises because to_atmarpd() can be invoked without the RTNL lock, and clip_neigh_solicit() / neigh_ops->solicit() are unsleepable, with no RTNL depen...
CVE-2025-38460
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 "ATM: clip causes unregister hang". However, it is not enough because to_atmarpd() is called without RTNL, especially...
CVE-2025-38435
CVE-2025-38435 affects the Linux kernel RISCV vector context handling. The issue: incorrect saving/restoring of vector registers v8–v31 during context save/restore with xtheadvector, risking userspace breakage. Affected component: riscv vector code in the kernel; root cause is the improper preser...