🐛 COMMON VULNERABILITIES AND EXPOSURES (60)
25 Dec | CVE-2025-38393 NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38399 scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38401 mtk-sd: Prevent memory corruption from DMA map failure | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38403 vsock/vmci: Clear the vmci transport packet properly when initializing it | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38410 drm/msm: Fix a fence leak in submit error path | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38406 wifi: ath6kl: remove WARN on bad firmware input | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38477 net/sched: sch_qfq: Fix race condition on qfq_aggregate | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38422 net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38425 i2c: tegra: check msg length in SMBUS block read | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38409 drm/msm: Fix another leak in the submit error path | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38395 regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38478 comedi: Fix initialization of data for instructions that write to subdevice | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38412 platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38391 usb: typec: altmodes/displayport: do not index invalid pin_assignments | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38400 nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68345 ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68357 iomap: allocate s_dio_done_wq for async reads as well | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68366 nbd: defer config unlock in nbd_genl_connect | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68736 landlock: Fix handling of disconnected directories | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68729 wifi: ath12k: Fix MSDU buffer types handling in RX error path | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68744 bpf: Free special fields when update [lru_,]percpu_hash maps | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68740 ima: Handle error code returned by ima_filter_rule_match() | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68379 RDMA/rxe: Fix null deref on srq->rq.queue after resize failure | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68346 ALSA: dice: fix buffer overflow in detect_stream_formats() | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68476 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68371 scsi: smartpqi: Fix device resources accessed after device removal | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68349 NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68354 regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68362 wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68741 scsi: qla2xxx: Fix improper freeing of purex item | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68732 gpu: host1x: Fix race in syncpt alloc/free | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2023-54161 af_unix: Fix null-ptr-deref in unix_stream_sendpage(). | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68347 ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68344 ALSA: wavefront: Fix integer overflow in sample size validation | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68746 spi: tegra210-quad: Fix timeout handling | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68742 bpf: Fix invalid prog->stats access when update_effective_progs fails | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68367 macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68365 fs/ntfs3: Initialize allocated memory before use | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68725 bpf: Do not let BPF test infra emit invalid GSO types to stack | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68728 ntfs3: fix uninit memory after failed mi_read in mi_format_new | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68358 btrfs: fix racy bitfield write in btrfs_clear_space_info_full() | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2023-54082 af_unix: Fix null-ptr-deref in unix_stream_sendpage(). | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68363 bpf: Check skb->transport_header is set in bpf_skb_check_mtu | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68364 ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68727 ntfs3: Fix uninit buffer allocated by __getname() | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68378 bpf: Fix stackmap overflow check in __bpf_get_stackid() | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68376 coresight: ETR: Fix ETR buffer use-after-free issue | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68380 wifi: ath11k: fix peer HE MCS assignment | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68724 crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68374 md: fix rcu protection in md_wakeup_thread | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68733 smack: fix bug: unprivileged task can create labels | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2023-54061 x86: fix clear_user_rep_good() exception handling annotation | Information published. | MSRC.MICROSOFT.COM
25 Dec | Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability | Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS th… | THEHACKERNEWS.COM
25 Dec | KEV | CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-202… | THEHACKERNEWS.COM
25 Dec | CVE-2025-3001 PyTorch torch.lstm_cell memory corruption | Information published. | MSRC.MICROSOFT.COM
25 Dec | Unpatched FortiGate Security Flaw Allows Attackers to Bypass 2FA Controls | A critical authentication bypass vulnerability in FortiGate devices enables threat actors to circumvent two-factor authentication (2FA) protections through case-sensitive username manipulation. The flaw, tracked as CVE-2020-12812, affects organizations with specific LDAP integrat… | GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE (3)
25 Dec | CERN: how does the international research institution manage risk? | There are few research institutions in the world with the size and scope of the European Organization for Nuclear Research, CERN. Founded in 1954 by 12 European countries, the European Laboratory for Elementary Particle Physics is located in the Swiss town of Meyrin, in the canto… | CSOONLINE.COM
25 Dec | ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories | It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a … | THEHACKERNEWS.COM
25 Dec | [webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL | EXPLOIT-DB.COM
📢 SECURITY ADVISORIES (1)
25 Dec | Navigating the Complexities of Privacy and Cybersecurity Evolution | Privacy and cybersecurity have rapidly evolved, with regulations like GDPR and CCPA shaping data residency requirements. As non-human identities emerge, the complexity grows. How are you adapting to these changes? Subscribe to our podcasts: https://securityweekly.com/subscribe #P… | YOUTUBE.COM
🔥 INCIDENT REPORTING (1)
25 Dec | LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds | The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligen… | THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE (2)
25 Dec | Building a Hacking Lab in 2025 - PSW #906 | The crew makes suggestions for building a hacking lab today! We will tackle: - What is recommended today to build a lab, given the latest advancements in tech - Hardware hacking devices and gadgets that are a must-have - Which operating systems should you learn - Virtualization t… | YOUTUBE.COM
25 Dec | Cloudflare Tunnels: No Cloud Server Needed | Uncover how Cloudflare Tunnels is reshaping secure access by removing the need for a public server. Experience the next level of Zero Trust and VPN innovations. 🚀 Subscribe to our podcasts: https://securityweekly.com/subscribe #TechTrends #Innovation #SecurityWeekly #Cybersecurit… | YOUTUBE.COM
📡 INFOSEC NEWS (4)
25 Dec | Google will finally allow you to change your @gmail.com address | Google will finally allow you to change your @gmail address or create a new alias, according to a new support document. [...] | BLEEPINGCOMPUTER.COM
25 Dec | ChatGPT’s new formatting blocks make its UI look more like a task tool | OpenAI has quietly rolled out 'formatting blocks,' which tweak GPT's layout to match the UI of the task it is supposed to execute. [...] | BLEEPINGCOMPUTER.COM
25 Dec | [webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection | EXPLOIT-DB.COM
25 Dec | [webapps] Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie | EXPLOIT-DB.COM