CVE-2025-71227
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear to me how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning channel...
CVE-2025-71227
The CVE-2025-71227 entry relates to the Linux kernel wifi/mac80211 warning handling for connections on invalid channels. The Connected OSV records show the vulnerability has been patched in the Root:Rootio-Linux family (Root Debian/Ubuntu variants), with multiple fixed versions available across D...
CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear to me how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning channel...
BIT-APACHE-2024-27316 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...
AZL-43978 CVE-2024-27316 affecting package mod_http2 1.15.14-2
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...
Contract lacks proper error handling. Without meaningful error messages, it becomes difficult to identify the exact reasons for failures or unexpected behavior. Often leading end user astray.
Lines of code Vulnerability details Contract lacks proper error handling. Without meaningful error messages, it becomes difficult to identify the exact reasons for failures or unexpected behavior. Often leading end user astray. The code lacks proper error handling mechanisms, which can make it...
Monthly Threat Webinar Series in 2023: What to Expect
Stay informed and stay ahead...
Tor: Content spoofing on
Vulnerability description not provided...
Udemy: Udemy s3 storage can be used by an attacker personal website because of missing CSRF Token
The report was about a staging S3 bucket where we allow any file to be uploaded and then further process it from there. It was closed as informative because there is no security risk associated with it...
PornHub: Email Confirmation Bypass
Reporter : Vaxo Dai @0x00 After signing up client needs to verify his email address to further use but the confirmation can be bypassed and can put any email address to confirm the user account idname&code=code Here, user can get this id name using pornhub.com/users/username and viewing the sourc...
Uber: XSS @ love.uber.com
Hello Team, I found a Cross-Site Scripting XSS in http://love.uber.com/. I'm not sure if it is eligible for bounty, as this domain is not listed under scope of the program. Still, as the issue is an XSS, I wanted to bring it to your attention. Please mark this report as informative if you're not...
BOTNET - The Hacker News Magazine August 2012 Edition Released
Hello faithful readers and newcomers to our magazine! We are very sorry to have missed publishing the July issue, however, we were busy at work putting on THE HACKERS CONFERENCE in Delhi, India. We had a fantastic turnout and professional, informative speakers. We plan to have another...