
3764 matches found

ATTACKERKB
added 2025/12/24 10:32 a.m. | 1 view

CVE-2025-68369

In the Linux kernel, the following vulnerability has been resolved: ntfs3: init run lock for extend inode. After setting the inode mode of $Extend to a regular file, executing the truncate system call will enter the do_truncate routine, causing the run_lock uninitialized error reported by syzbot...

5.2 AI score | 0.00066 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
CVE
added 2025/12/24 10:32 a.m. | 9 views

CVE-2025-68369

CVE-2025-68369: The Linux kernel ntfs3 code had a run_lock initialization issue for the Extend inode, leading to a potentially uninitialized run_lock when truncating after setting Extend’s mode to a regular file. The fix, implemented in patch 4e8011ffec79, adds the required run_lock initializati...

6 AI score | 0.00066 EPSS
Exploits: 0 | References: 7
OSV
added 2025/12/24 10:32 a.m. | 2 views

CVE-2025-68369 ntfs3: init run lock for extend inode

In the Linux kernel, the following vulnerability has been resolved: ntfs3: init run lock for extend inode. After setting the inode mode of $Extend to a regular file, executing the truncate system call will enter the do_truncate routine, causing the run_lock uninitialized error reported by syzbot...

6.3 AI score | 0.00066 EPSS
Exploits: 0 | References: 10
Cvelist
added 2025/12/24 10:32 a.m. | 18 views

CVE-2025-68369 ntfs3: init run lock for extend inode

In the Linux kernel, the following vulnerability has been resolved: ntfs3: init run lock for extend inode. After setting the inode mode of $Extend to a regular file, executing the truncate system call will enter the do_truncate routine, causing the run_lock uninitialized error reported by syzbot...

0.00066 EPSS
Exploits: 0 | References: 7
OSV
added 2025/12/24 10:32 a.m. | 2 views

CVE-2025-68363 bpf: Check skb->transport_header is set in bpf_skb_check_mtu

In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu. The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0, BPF_MTU_CHK_SEGS). The transport_header is...

6.2 AI score | 0.00066 EPSS
Exploits: 0 | References: 9
CVE
added 2025/12/24 10:32 a.m. | 16 views

CVE-2025-68363

CVE-2025-68363: Linux kernel BPF MTU check bug. The helper bpf_skb_check_mtu used skb->transport_header without guaranteeing that skb_transport_header was set, causing a WARN_ON_ONCE during BPF test_run. The fix adds a guard using skb_transport_header_was_set() and performs the check just bef...

6 AI score | 0.00066 EPSS
Exploits: 0 | References: 6
CNNVD
added 2025/12/24 12:00 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not stopping a thread when an array run fails, which could result in a null pointer dereference...

6.2 AI score | 0.00061 EPSS
Exploits: 0 | References: 10
Fedora
added 2025/12/22 1:06 a.m. | 4 views

[SECURITY] Fedora 42 Update: moby-engine-29.1.3-1.fc42

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between — and...

7.8 CVSS | 6.9 AI score | 0.00005 EPSS
Exploits: 1
OSV
added 2025/12/19 7:16 a.m. | 1 view

CVE-2025-66174

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and running a series of commands...

6.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/19 12:00 a.m. | 3 views

PT-2025-52416

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and running a series of commands...

6.5 CVSS | 6.7 AI score | 0.00053 EPSS
Exploits: 0 | References: 2
Snyk
added 2025/12/18 8:46 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Kentico.Xperience.AspNetCore.WebApp provides the assemblies and content items required to integrate Kentico Xperience into ASP.NET Core applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper processing of page preview URLs. An authenticated...

6.1 CVSS | 5.3 AI score | 0.00027 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/12/18 12:00 a.m. | 1 view

Ollama security vulnerability

Ollama is a large language model that can be started and run locally from the Ollama open source. A security vulnerability exists in Ollama v0.12.3 and prior versions that stems from an authentication bypass that could lead to unauthorized model management operations...

9.8 CVSS | 6.5 AI score | 0.00123 EPSS
Exploits: 0 | References: 2
HackRead
added 2025/12/17 3:10 p.m. | 4 views

New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware

Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security by using the Windows Run box and how you can stay safe...

7 AI score
Exploits: 0
Positive Technologies
added 2025/12/17 12:00 a.m. | 3 views

PT-2025-51959

Name of the Vulnerable Software and Affected Versions: SitemagicCMS version 4.4.3. Description: The software contains a remote code execution issue that allows attackers to upload malicious PHP files to the 'files/images' directory. An attacker can upload a .phar file containing a system command...

9.8 CVSS | 8.4 AI score | 0.00456 EPSS
Exploits: 1 | References: 5
Snyk
added 2025/12/16 7:43 p.m. | 1 view

Cross-site Request Forgery (CSRF)

Overview: NopCommerce.Nop.Core is a set of core classes for nopCommerce, such as caching, events, helpers, and business objects (for example, Order and Customer entities). Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the "Run now" button of the "Schedule...

8.8 CVSS | 6.9 AI score | 0.0002 EPSS
Exploits: 0 | References: 2
Snyk
added 2025/12/16 7:43 p.m. | 1 view

Cross-site Request Forgery (CSRF)

Overview: NopCommerce.Core is an open-source e-commerce shopping cart solution. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the "Run now" button of the "Schedule Tasks" functionality. An attacker can run a scheduled task without the victim user's consent...

8.8 CVSS | 6.9 AI score | 0.0002 EPSS
Exploits: 0 | References: 2
The Hacker News
added 2025/12/16 4:35 p.m. | 12 views

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The activity, first detected by Amazon's GuardDuty managed threat detection service and its automated security...

7.2 AI score
Exploits: 0
EUVD
added 2025/12/16 3:30 p.m. | 1 view

EUVD-2025-203696

In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpf_prog_run_data_pointers(). syzbot found that cls_bpf_classify() is able to change tc_skb_cb(skb)->drop_reason, triggering a warning in sk_skb_reason_drop(). WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 sk_skb_reason_drop...

5.9 AI score | 0.00058 EPSS
Exploits: 0 | References: 7
CVE
added 2025/12/16 1:48 p.m. | 12 views

CVE-2025-68200

CVE-2025-68200 is a Linux kernel vulnerability addressed by introducing bpf_prog_run_data_pointers() to save/restore net_sched storage that collides with BPF data_meta/data_end. The issue stemmed from cls_bpf_classify() potentially modifying tc_skb_cb(skb)->drop_reason, triggering a warning in...

6.1 AI score | 0.00058 EPSS
Exploits: 0 | References: 6
EUVD
added 2025/12/16 7:21 a.m. | 2 views

EUVD-2025-203523

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the runcallback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...

5.3 CVSS | 4.9 AI score | 0.00119 EPSS
Exploits: 0 | References: 3