830 matches found
Everest Ransomware Claims 90GB Data Theft Involving Legacy Polycom Systems
Everest ransomware claims a breach involving legacy Polycom systems later acquired by HP Inc., alleging the theft of 90GB of internal data...
CVE-2025-71132
In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context in PREEMPTRT When smc91x.c is built with PREEMPTRT, the following splat occurs in FVPRevC: 13.055000 smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000 13.062137 BUG: workqueue leaked...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper lock acquisition during a fallback, which could lead to a deadlock...
KryptoPilot: An Open-World Knowledge-Augmented LLM Agent for Automated Cryptographic Exploitation
Capture-the-Flag CTF competitions play a central role in modern cybersecurity as a platform for training practitioners and evaluating offensive and defensive techniques derived from real-world vulnerabilities. Despite recent advances in large language models LLMs, existing LLM-based agents remain...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via a race condition in the acquire method. An attacker can cause lock operations to fail or behave unexpectedly by creating a symlink at the lock file path between the permission check and file creation. Remediation...
CVE-2019-2590
Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager component of Oracle PeopleSoft Products subcomponent: Job Opening. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2011-0858
Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bundle 15 and 9.1 Bundle 5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager...
EUVD-2022-55826
In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix memory leak in realtimecounterinit The "sysclk" resource is malloced by clkget, it is not released when the function return...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992511)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992511 advisory. In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb: take hugetlblock before decrementing h-resvhugepages The h-hugepages counters are...
SUSE CVE-2025-68739
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: hisi: Fix potential UAF in OPP handling Ensure all required data is acquired before calling devpmoppputopp to maintain correct resource acquisition and release order...
CVE-2025-68739
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: hisi: Fix potential UAF in OPP handling Ensure all required data is acquired before calling devpmoppputopp to maintain correct resource acquisition and release order...
CVE-2023-54082 af_unix: Fix null-ptr-deref in unix_stream_sendpage().
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix null-ptr-deref in unixstreamsendpage. Bing-Jhong Billy Jheng reported null-ptr-deref in unixstreamsendpage with detailed analysis and a nice repro. unixstreamsendpage tries to add data to the last skb in the peer's re...
CVE-2025-68739
CVE-2025-68739 concerns the Linux kernel component responsible for PM / devfreq, specifically the hisi OPP handling path. The connected documents describe a fix for a potential use-after-free (UAF) in OPP handling when managing power management references. The underlying issue was improper resour...
CVE-2025-68739 PM / devfreq: hisi: Fix potential UAF in OPP handling
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: hisi: Fix potential UAF in OPP handling Ensure all required data is acquired before calling devpmoppputopp to maintain correct resource acquisition and release order...
AzeoTech DAQFactory CTL File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
EUVD-2025-204315
Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files...
Inductive Automation Ignition 安全漏洞
Inductive Automation Ignition is an integrated software platform for SCADA systems from Inductive Automation, USA. The platform supports SCADA Data Acquisition and Monitoring Systems, HMI Human Machine Interface and more. A security vulnerability exists in Inductive Automation Ignition that stems...
CVE-2025-68238
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: cadence: fix DMA device NULL pointer dereference The DMA device pointer dmadev was being dereferenced before ensuring that cdnsctrl-dmac is properly initialized. Move the assignment of dmadev after successfully...
CVE-2025-40347 net: enetc: fix the deadlock of enetc_mdio_lock
In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix the deadlock of enetcmdiolock After applying the workaround for err050089, the LS1028A platform experiences RCU stalls on RT kernel. This issue is caused by the recursive acquisition of the read lock enetcmdiolock...
CVE-2025-67634
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...