Post Content Source: Read MoreÂ
Sense: ParrotCTF
Sense: ParrotCTFHello everyone, hope you are doing well, breaking the systems and figuring out how the system was broken. Any hoops, I have brought you another new write-up on a machine that I recentl …
Read more
Published Date:
Jun 28, 2025 (1 hour, 46 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-46538
Minesweeper is a logic puzzle video game genre generally played on personal computers. We recommend the best open source minesweeper…
CVE ID : CVE-2025-5304
Published : June 28, 2025, 6:15 a.m. | 4 hours, 14 minutes ago
Description : The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6755
Published : June 28, 2025, 6:15 a.m. | 4 hours, 14 minutes ago
Description : The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths (such as ../../../../wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-38084
Published : June 28, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: unshare page tables during VMA split, not before
Currently, __split_vma() triggers hugetlb page table unsharing through
vm_ops->may_split(). This happens before the VMA lock and rmap locks are
taken – which is too early, it allows racing VMA-locked page faults in our
process and racing rmap walks from other processes to cause page tables to
be shared again before we actually perform the split.
Fix it by explicitly calling into the hugetlb unshare logic from
__split_vma() in the same place where THP splitting also happens. At that
point, both the VMA and the rmap(s) are write-locked.
An annoying detail is that we can now call into the helper
hugetlb_unshare_pmds() from two different locking contexts:
1. from hugetlb_split(), holding:
– mmap lock (exclusively)
– VMA lock
– file rmap lock (exclusively)
2. hugetlb_unshare_all_pmds(), which I think is designed to be able to
call us with only the mmap lock held (in shared mode), but currently
only runs while holding mmap lock (exclusively) and VMA lock
Backporting note:
This commit fixes a racy protection that was introduced in commit
b30c14cd6102 (“hugetlb: unshare some PMDs when splitting VMAs”); that
commit claimed to fix an issue introduced in 5.13, but it should actually
also go all the way back.
[jannh@google.com: v2]
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-38085
Published : June 28, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
huge_pmd_unshare() drops a reference on a page table that may have
previously been shared across processes, potentially turning it into a
normal page table used in another process in which unrelated VMAs can
afterwards be installed.
If this happens in the middle of a concurrent gup_fast(), gup_fast() could
end up walking the page tables of another process. While I don’t see any
way in which that immediately leads to kernel memory corruption, it is
really weird and unexpected.
Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),
just like we do in khugepaged when removing page tables for a THP
collapse.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-38086
Published : June 28, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : In the Linux kernel, the following vulnerability has been resolved:
net: ch9200: fix uninitialised access during mii_nway_restart
In mii_nway_restart() the code attempts to call
mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read()
utilises a local buffer called “buff”, which is initialised
with control_read(). However “buff” is conditionally
initialised inside control_read():
if (err == size) {
memcpy(data, buf, size);
}
If the condition of “err == size” is not met, then
“buff” remains uninitialised. Once this happens the
uninitialised “buff” is accessed and returned during
ch9200_mdio_read():
return (buff[0] | buff[1]
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5937
Published : June 28, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the adminOptions() function. This makes it possible for unauthenticated attackers to reset the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6816
Published : June 28, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Canonical, l’azienda che sviluppa la distribuzione GNU/Linux Ubuntu, 10 anni fa, nel 2014, riportava ricavi per circa 81 milioni di…
Git is an open source distributed version control system which was originally designed by Linus Torvalds, the creator of Linux.…
Google Firebase is a platform developed by Google for creating mobile and web applications. What are the best free and…
Wine è un livello di compatibilità che permette agli utenti di sistemi operativi basati su GNU/Linux e macOS di eseguire…
Oracle Linux è una distribuzione GNU/Linux sviluppata e supportata da Oracle, progettata per offrire un ambiente enterprise stabile, sicuro ed…
CVE ID : CVE-2025-53380
Published : June 28, 2025, 3:15 a.m. | 3 hours, 8 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53383
Published : June 28, 2025, 3:15 a.m. | 3 hours, 8 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53381
Published : June 28, 2025, 3:15 a.m. | 3 hours, 8 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53382
Published : June 28, 2025, 3:15 a.m. | 3 hours, 8 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53388
Published : June 28, 2025, 3:15 a.m. | 3 hours, 8 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…