-
The Linux kernel development team has released version 6.18-rc7, marking another step toward the final 6.18 release expected next weekend. According to kernel maintainer Linus Torvalds, the release cycle remains on track despite a minor setback in the …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical memory corruption vulnerability in vLLM versions 0.10.2 and later allows attackers to achieve remote code execution through the Completions API endpoint by sending maliciously crafted prompt embeddings. The vulnerability resides in the tensor deserialization process within vLLM’s entrypoints/renderer.py at line 148. When processing user-supplied prompt embeddings, the system loads serialized tensors using torch.load() […] The post vLLM Vulnerability Enables Remote Code Execution Via Malicious Payloads appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Iberia Líneas Aéreas de España has disclosed a significant security incident involving unauthorized access to systems operated by an external service provider. The breach has exposed sensitive personal information belonging to the airline’s custo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have published a proof-of-concept exploit for a critical remote code execution vulnerability in W3 Total Cache, one of WordPress’s most popular caching plugins with over one million active installations. The flaw, tracked as …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
High command injection vulnerabilities have been discovered in Tenda’s N300 Wi-Fi 4G LTE Router and the 4G03 Pro model, allowing authenticated attackers to execute arbitrary commands with root privileges on affected devices. With no patches curre…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through malici…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Wireshark Foundation has rolled out a crucial security update for its widely used network protocol analyzer, addressing multiple vulnerabilities that could lead to denial-of-service conditions. The latest release, version 4.6.1, specifically targets flaws discovered in the Bundle Protocol version 7 (BPv7) and Kafka dissectors. These vulnerabilities, if left unpatched, allow attackers to forcibly crash […] The post Wireshark Vulnerabilities Let Attackers Crash by Injecting a Malformed Packet appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Oracle vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that attackers are already exploiting it in real-world attacks. The bug, tracked as CVE-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Rapid7’s Metasploit team has released a new exploit module targeting critical zero-day vulnerabilities in Fortinet’s FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated remote code execution with root p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft disclosed a critical authentication bypass vulnerability in Azure Bastion, its managed remote access service, enabling attackers to escalate privileges to administrative levels with a single network request. The vulnerability, designated CVE-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
