As Kubernetes clusters grow in complexity, managing them efficiently becomes increasingly challenging. Troubleshooting modern Kubernetes environments requires deep expertise across…
Development
AI developers and machine learning (ML) engineers can now use the capabilities of Amazon SageMaker Studio directly from their local…
Today, we’re excited to announce that Amazon SageMaker HyperPod now supports deploying foundation models (FMs) from Amazon SageMaker JumpStart, as…
Amazon SageMaker now offers fully managed support for MLflow 3.0 that streamlines AI experimentation and accelerates your generative AI journey…
Amazon SageMaker HyperPod now provides a comprehensive, out-of-the-box dashboard that delivers insights into foundation model (FM) development tasks and cluster…
As AI models become increasingly sophisticated and specialized, the ability to quickly train and customize models can mean the difference…
Effectively representing 3D scenes for Multimodal Large Language Models (MLLMs) is crucial yet challenging. Existing approaches commonly only rely on…
Large Language Models (LLMs) are increasingly being deployed on edge devices for long-context settings, creating a growing need for fast…
Wing FTP Server Remote Code Execution (CVE-2025-47812) Exploited in the Wild
Summary
TL;DR: Huntress saw active exploitation of Wing FTP Server remote code execution (CVE-2025-47812) on a customer on July 1, 2025. Organizations running Wing FTP Server should update to the fixe …
Published Date: Jul 10, 2025 (14 hours, 11 minutes ago)
Vulnerabilities have been mentioned in this article.
Hackers Exploiting GeoServer RCE Vulnerability to Deploy CoinMiner
A critical remote code execution vulnerability in GeoServer has become a prime target for cybercriminals deploying cryptocurrency mining malware across global networks.
The vulnerability, designated C …
Published Date: Jul 10, 2025 (5 hours, 14 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2024-36401
Critical Ruckus Wireless Vulnerabilities Exposes Enterprise Wireless Networks
Multiple critical vulnerabilities have been discovered in Ruckus Wireless management products, specifically Virtual SmartZone (vSZ) and Network Director (RND), potentially allowing complete compromise …
Published Date: Jul 10, 2025 (4 hours, 55 minutes ago)
Vulnerabilities have been mentioned in this article.
GitLab Vulnerabilities Let Attackers Execute Actions by Injecting Malicious Content
GitLab has released critical security patches across multiple versions to address several high-severity vulnerabilities that could allow attackers to execute unauthorized actions through malicious con …
Published Date: Jul 10, 2025 (4 hours, 52 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-6948
CVE-2025-6168
CVE-2025-4972
CVE-2025-3396
CVE-2024-12084
CVE-2024-12088
Critical Linux Kernel’ Double Free Vulnerability Let Attackers Escalate Privileges
A severe double-free vulnerability has been discovered in the Linux kernel’s NFT (netfilter) subsystem, specifically within the pipapo set module.
This critical security flaw allows unprivileged attac …
Published Date: Jul 10, 2025 (4 hours, 42 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2023-4004
ServiceNow Platform Vulnerability Let Attackers Exfiltrate Sensitive Data
A significant vulnerability in ServiceNow’s platform, designated CVE-2025-3648 and dubbed “Count(er) Strike,” enables attackers to exfiltrate sensitive data, including PII, credentials, and financial …
Published Date: Jul 10, 2025 (3 hours, 19 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-3648
PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars
Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements i …
Published Date: Jul 10, 2025 (3 hours, 9 minutes ago)
Vulnerabilities have been mentioned in this article.
Palo Alto Networks GlobalProtect Vulnerability Allows Root User Privilege Escalation
Palo Alto Networks has disclosed a critical security vulnerability in its GlobalProtect VPN application that enables locally authenticated users to escalate their privileges to root access on macOS an …
Published Date: Jul 10, 2025 (2 hours, 41 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-0141
CVE-2025-3648
Version 1.1 of NativePHP drops Monday, July 14, and it isn’t just a collection of fixes. It’s a foundational upgrade…
The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof…
The rapid growth of generative AI technology has been a catalyst for business productivity growth, creating new opportunities for greater…
CVE ID : CVE-2025-38337
Published : July 10, 2025, 9:15 a.m. | 4 hours, 51 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
Since handle->h_transaction may be a NULL pointer, we should change it
to call is_handle_aborted(handle) first before dereferencing it.
And the following data-race was reported in my fuzzer:
==================================================================
BUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata
write to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1:
jbd2_journal_dirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556
__ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358
ext4_do_update_inode fs/ext4/inode.c:5220 [inline]
ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869
__ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074
ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103
….
read to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0:
jbd2_journal_dirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512
__ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358
ext4_do_update_inode fs/ext4/inode.c:5220 [inline]
ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869
__ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074
ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103
….
value changed: 0x00000000 -> 0x00000001
==================================================================
This issue is caused by missing data-race annotation for jh->b_modified.
Therefore, the missing annotation needs to be added.
Severity: 0.0 | NA