matlock.ca // THREAT INTELLIGENCE

95Articles

6Categories

2025-12-06Date

🚨

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability,…

KEVTHEHACKERNEWS.COM — 06 Dec 2025

🐛

CVE-2025-40262 Input: imx_sc_key - fix memory corruption on unload

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40242 gfs2: Fix unlikely race in gdlm_put_lock

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40240 sctp: avoid NULL dereference when chunk data buffer is missing

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40245 nios2: ensure that memblock.current_limit is set when setting pfn limits

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40258 mptcp: fix race condition in mptcp_schedule_work()

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40254 net: openvswitch: remove never-working support for setting nsh fields

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40252 net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40223 most: usb: Fix use-after-free in hdm_disconnect

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40264 be2net: pass wrb_params in case of OS2BMC

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40233 ocfs2: clear extent cache after moving/defragmenting extents

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40247 drm/msm: Fix pgtable prealloc error path

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40250 net/mlx5: Clean up only new IRQ glue on request_irq() failure

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40251 devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-12385 Improper validation of <img> tag size in Text component parser

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40261 nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40257 mptcp: fix a race in mptcp_pm_del_add_timer()

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40259 scsi: sg: Do not sleep in atomic context

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40244 hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40248 vsock: Ignore signal/timeout on connect() if already established

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40243 hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40253 s390/ctcm: Fix double-kfree

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40266 KVM: arm64: Check the untrusted offset in FF-A memory share

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-40263 Input: cros_ec_keyb - fix an invalid memory access

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-12084 Quadratic complexity in node ID cache clearing

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

2.15M Next.js Web Services Exposed Online, Active Attacks Reported – Update Immediately

GBHACKERS.COM — 06 Dec 2025

🐛

React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable

BLEEPINGCOMPUTER.COM — 06 Dec 2025

🐛

CVE-2025-9086 Out of bounds read for cookie path

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2022-50303 drm/amdkfd: Fix double release compute pasid

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2023-53231 erofs: Fix detection of atomic context

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-8277 Libssh: memory exhaustion via repeated key exchange in libssh

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-10911 Libxslt: use-after-free with key data stored cross-rvt

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-55560 An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2022-50304 mtd: core: fix possible resource leak in init_mtd()

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2023-53209 wifi: mac80211_hwsim: Fix possible NULL dereference

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2024-45336 Sensitive headers incorrectly sent after cross-domain redirect in net/http

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2024-45341 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-1151 GNU Binutils ld xmemdup.c xmemdup memory leak

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2023-45229 Out-of-Bounds Read in EDK II Network Package

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2023-45231 Out-of-Bounds Read in EDK II Network Package

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2024-6485 XSS in Bootstrap button component

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-8114 : null pointer dereference in libssh kex session id calculation

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-7425 Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-7424 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-6075 Quadratic complexity in os.path.expandvars() with user-controlled template

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-47912 Insufficient validation of bracketed IPv6 hostnames in net/url

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-29477 An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-29478 An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-9288 Missing type checks leading to hash rewind and passing on crafted data

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-8961 LibTIFF tiffcrop tiffcrop.c main memory corruption

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2024-38796 Integer overflow in PeCoffLoaderRelocateImage

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2024-8354 Qemu-kvm: usb: assertion failure in usb_ep_get()

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2024-8612 Qemu-kvm: information leak in virtio devices

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-10966 missing SFTP host verification with wolfSSH

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-64436 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-64434 KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-64433 KubeVirt Arbitrary Container File Read

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-10158 Rsync: Out of bounds array access via negative index

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-12817 PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-11230 Denial of service vulnerability in HAProxy mjson library

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-2486 UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2021-23445 Cross-site Scripting (XSS)

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-5918 Libarchive: reading past eof may be triggered for piped file streams

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-5917 Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-5916 Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2025-4435 Tarfile extracts filtered members when errorlevel=0

MSRC.MICROSOFT.COM — 06 Dec 2025

🐛

CVE-2022-4304 Timing Oracle in RSA Decryption

MSRC.MICROSOFT.COM — 06 Dec 2025

⚠️

Cybersecurity Today Month In Review - December 5th, 2025

CYBERSECURITYTODAY.LIBSYN.COM — 06 Dec 2025

⚠️

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

THEHACKERNEWS.COM — 06 Dec 2025

⚠️

Barts Health NHS Reveals Data Breach Linked to Oracle Zero-Day Exploited by Clop Ransomware

GBHACKERS.COM — 06 Dec 2025

⚠️

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

MSRC.MICROSOFT.COM — 06 Dec 2025

⚠️

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

MSRC.MICROSOFT.COM — 06 Dec 2025

⚠️

To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware

INFOSEC.PUB — 6 Dec 2025

🔥

KinoKong - 817,808 breached accounts

HAVEIBEENPWNED.COM — 06 Dec 2025

🕵️

FvncBot Android Malware Steals Keystrokes and Injects Harmful Payloads

GBHACKERS.COM — 06 Dec 2025

🕵️

Metaverse and Beyond: Understanding Your Threat Vectors

YOUTUBE.COM — 2025-12-06

🕵️

SVG Filters - Clickjacking 2.0

PROGRAMMING.DEV — 6 Dec 2025

🕵️

Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data

GBHACKERS.COM — 06 Dec 2025

📡

Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

KREBSONSECURITY.COM — 06 Dec 2025

📡

New wave of VPN login attempts targets Palo Alto GlobalProtect portals

BLEEPINGCOMPUTER.COM — 06 Dec 2025