Overview
- Red Hat
- Red Hat Enterprise Linux 10
- libblockdev
Description
Statistics
- 4 Posts
- 37 Interactions
Fediverse

Yo, fellow Linuxers, #CVE20256019 has been published and updates are available. The TL;DR. A Local Privilege Escalation to root via libblockdev. Notice the local. So you need to be able to be on the machine. Still, update now.

Dear @Gargron - Can we take another, fresh look at https://github.com/mastodon/mastodon/issues/20694 ? Hashtags should ultimately support full UTF8, IMHO, but adding at the very least the dash would be very helpful. It's not just band or artist names. CVEs are a better example. It would be really helpful when I can use #CVE-2025-6019 instead of #CVE20256019 or #CVE_2025_6019 as I am forced to do now. I guess hashtags are not in scope of the ActivityPub protocol, @evan ?

@jwildeboer @Gargron @evan Is #cve_2025_6019 an option for you?
(Edit: had to remove the / variant, #Mastodon doesn't do nested-obsidian-style variants either :)
Overview
Description
Statistics
- 3 Posts
- 2 Interactions
Fediverse

#Zyxel devices are under active attack via CVE-2023-28771. Researchers spotted a sudden spike in exploit attempts from 244 IPs, possibly tied to #Mirai botnet variants.
https://hackread.com/zyxel-devices-active-exploits-cve-2023-28771-vulnerability/

Zyxel Devices Hit by Active Exploits Targeting CVE-2023-28771 Vulnerability https://hackread.com/zyxel-devices-active-exploits-cve-2023-28771-vulnerability/?utm_source=dlvr.it&utm_medium=%5Binfosec.exchange%5D

A critical remote code execution flaw (CVE-2023-28771) in Zyxel devices is being actively exploited by a Mirai-like botnet. The vulnerability, affecting Zyxel networking devices, allows attackers to run their own programs on vulnerable devices. Security experts urge immediate action, including blocking malicious IP addresses and applying security patches.
https://hackread.com/zyxel-devices-active-exploits-cve-2023-28771-vulnerability/
Overview
Description
Statistics
- 2 Posts
- 1 Interaction
Fediverse

Mass crashes on Windows: the OpenVPN flaw that can knock out infrastructure
> A critical vulnerability has been discovered in OpenVPN for Windows (CVE-2025-50054) that allows unprivileged local users to crash the system via a buffer overflow attack.

Critical OpenVPN Driver Vulnerability Allows Attackers to Crash Windows
Systems
https://cybersecuritynews.com/openvpn-driver-vulnerability/
A critical buffer overflow vulnerability in OpenVPN's data channel offload
driver for Windows has been discovered, allowing local attackers to crash
Windows systems by sending maliciously crafted control messages.
The vulnerability, identified as CVE-2025-50054, affects the ovpn-dco-win
driver versions 1.3.0 and earlier, as well as version 2.5.8 and earlier, which
has been the default virtual network adapter in OpenVPN since version 2.6.
Overview
- NetScaler
- ADC
Description
Statistics
- 2 Posts
- 1 Interaction
Fediverse

Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway, similar to CitrixBleed. The vulnerability allows unauthorized attackers to access session tokens from internet-facing devices, potentially gaining access to the appliances. Customers are urged to upgrade to the latest versions and terminate active sessions to mitigate the risk.
https://www.helpnetsecurity.com/2025/06/23/critical-citrix-netscaler-bug-fixed-upgrade-asap-cve-2025-5777/

#Citrix Critical Netscaler #vulnerability CVE-2025-5777 patch released!
Like CitrixBleed this vulnerability allows attackers to grab valid session tokens from the memory of internet-facing #Netscaler devices by sending malformed request:
Overview
- Microsoft
- Microsoft 365 Copilot
Description
Statistics
- 1 Post
- 7 Interactions
Fediverse

It has arrived: the first vulnerability in Copilot that can be used to extract sensitive information from an organization by sending an email.
More information about the echoleak vulnerability (CVE-2025-32711) is available here:
https://www.aim.security/lp/aim-labs-echoleak-m365
Overview
- M-Files Corporation
- M-Files Server
Description
Statistics
- 1 Post
- 7 Interactions
Fediverse

It's 2025. We can use emojis in hashtags in some apps. But we still cannot use "-". So, no. still no #CVE-2025-0619. Will this ever be possible? Le sigh.
Overview
Description
Statistics
- 1 Post
- 4 Interactions
Fediverse

Canadian Telco not patching year old RCE
"The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored 'Salt Typhoon' hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February.
During the February 2025 incident, Salt Typhoon exploited the CVE-2023-20198 flaw, a critical Cisco IOS XE vulnerability allowing remote, unauthenticated attackers to create arbitrary accounts and gain admin-level privileges."
Overview
- Roundcube
- Webmail
Description
Statistics
- 1 Post
- 1 Interaction
Overview
- Mattermost
- Mattermost
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse

Arbitrary code execution vulnerability in Mattermost. CVSS v3 score is 9.9
NVD - CVE-2025-4981:
---
https://nvd.nist.gov/vuln/detail/CVE-2025-4981
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse

WinRAR 7.12 Beta fixes critical security vulnerability CVE-2025-6218. The traversal vulnerability allows attackers to execute malicious code without authentication via manipulated archives. #WinRAR #Sicherheit https://winfuture.de/news,151767.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia