Lucene search
K

4461 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/21 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987649 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guestirq is coming from KVMIRQFD API call, it m...

5.5CVSS5.7AI score0.00246EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/10/20 10:1 a.m.3 views

kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...

5.5CVSS5.7AI score0.00157EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2025/10/18 11:41 a.m.8 views

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP...

6.9AI score
Exploits0
Rockylinux
Rockylinux
added 2025/10/17 9:39 p.m.4 views

kernel-rt security update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

7.8CVSS6.9AI score0.00219EPSS
Exploits0
Debian
Debian
added 2025/10/17 1:55 p.m.19 views

[BSA-125] Security Update for incus

Mathias Gibbens uploaded new packages for incus which fixed the following security problems: CVE ID : CVE-2025-54286 CVE-2025-54287 CVE-2025-54288 CVE-2025-54289 CVE-2025-54290 CVE-2025-54291 CVE-2025-54293 Multiple security issues were discovered in Incus, a system container and virtual machine...

8.8CVSS5.8AI score0.00537EPSS
Exploits7
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/16 7:28 p.m.19 views

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws in memory management leading to information disclosure or denial of service

Summary A flaw in the KASAN Kernel Address Sanitizer code may allow memory to be accessed that is already free and a flaw in Virtual Machine Communication Interface VMCI allowed uninitialized kernel memory to be exposed to userspace. Vulnerability Details CVEID:CVE-2022-49058 DESCRIPTION: In the...

7.8CVSS5.7AI score0.00305EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/10/14 10:15 p.m.44 views

CVE-2025-62376

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...

9.5CVSS0.00573EPSS
Exploits2References2
OSV
OSV
added 2025/10/14 9:58 p.m.16 views

CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...

9.5CVSS6.9AI score0.00573EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/10/14 9:58 p.m.4 views

CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...

9.5CVSS6.6AI score0.00573EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/10/14 9:58 p.m.46 views

CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...

9.5CVSS0.00573EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/10/14 12:0 a.m.5 views

DOJO 授权问题漏洞

DOJO is an open source JavaScript toolkit from pwn.college. DOJO suffers from an authorization issue vulnerability that stems from improper authentication of the /workspace endpoint, which could lead to unauthorized access to a Windows virtual machine...

9.5CVSS6.5AI score0.00573EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.10 views

PT-2025-42209

Name of the Vulnerable Software and Affected Versions pwn.college DOJO versions prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef Description The /workspace endpoint in pwn.college DOJO has an improper authentication issue. An attacker can access any active Windows VM without authorization...

9.5CVSS6.9AI score0.00573EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2025/10/13 6:15 p.m.5 views

kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

5.5CVSS6.8AI score0.00219EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2025/10/13 12:0 a.m.4 views

RMPocalypse: How a Catch-22 Breaks AMD SEV-SNP

This paper presents RMPocalypse, a novel attack that shows a critical gap in the security of RMP initialization, wherein the x86 cores maliciously control parts of the initial RMP state. The analysis shows that the vulnerability arises due to the complex, but insufficient, interplay of multiple...

7.2AI score
Exploits0
Mageia
Mageia
added 2025/10/11 6:18 a.m.7 views

Updated open-vm-tools package fixes security vulnerability

It was discovered that open-vm-tools contains a local privilege escalation vulnerability. A malicious actor with non-administrative privileges on a guest VM may exploit this vulnerability to escalate privileges to root on the same VM CVE-2025-41244...

7.8CVSS7.3AI score0.0788EPSS
Exploits3References2
EUVD
EUVD
added 2025/10/10 11:46 p.m.12 views

EUVD-2025-33777

Happy DOM: VM Context Escape can lead to Remote Code Execution...

7.2CVSS6.8AI score0.00599EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2025/10/10 1:1 a.m.4 views

KVM: arm64: Don't retire aborted MMIO instruction

...

5.5CVSS7AI score0.00217EPSS
Exploits0
GithubExploit
GithubExploit
added 2025/10/09 5:10 p.m.220 views

Exploit for Signal Handler Race Condition in Sonicwall Sma_6200_Firmware

CCTV-Hacking-Simulated-Environment-Only Repository purpose:...

8.1CVSS9.3AI score0.99506EPSS
Exploits68
Redos
Redos
added 2025/10/08 12:0 a.m.3 views

ROS-20251008-05

A vulnerability in the Kubernetes virtual machine cluster management software tool is related to insufficient validation of user input. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

3CVSS6.7AI score0.00778EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.7 views

Oracle Linux 8 : open-vm-tools (ELSA-2025-17509)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-17509 advisory. - Resolves: RHEL-117388 CISA Major Incident CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools rhel-8.10.z Tenable has extracted the...

7.8CVSS8AI score0.0788EPSS
Exploits3References2
Rows per page
Query Builder