Linux KSMBD Subsystem Vulnerability Can Exhaust Server Resources

Linux KSMBD Subsystem Vulnerability Can Exhaust Server Resources

Recently, a denial-of-service vulnerability was discovered in the KSMBD (SMB Direct) subsystem of the Linux kernel, attracting widespread attention in the open-source community. This vulnerability, identified as CVE-2025-38501, allows remote and unauthenticated attackers to exploit the kernel’s handling of half-open TCP sessions to exhaust all available SMB connections. The key aspect of this vulnerability is … Read more

Vulnerability Warning | X2Modbus Gateway Information Disclosure Vulnerability

Vulnerability Warning | X2Modbus Gateway Information Disclosure Vulnerability

0x00 Vulnerability ID None 0x01 Danger Level Medium 0x02 Vulnerability Overview X2Modbus is a Modbus protocol conversion gateway that allows users to configure it according to the communication protocol of field devices, converting it to the standard Modbus protocol. 0x03 Vulnerability DetailsVulnerability Type:Information DisclosureImpact:Exposure of sensitive informationSummary:The /soap/GetConfig interface of the X2Modbus gateway has an … Read more

Linux CUPS Vulnerabilities Allow Remote DoS and Authentication Bypass

Linux CUPS Vulnerabilities Allow Remote DoS and Authentication Bypass

Two serious vulnerabilities have been discovered in the Linux Common Unix Printing System (CUPS), exposing millions of systems to remote denial-of-service attacks and authentication bypass vulnerabilities. These vulnerabilities are tracked as CVE-2025-58364 and CVE-2025-58060, affecting the core printing infrastructure used in nearly all Linux distributions, posing a significant risk to network security. Remote DoS Vulnerability … Read more

HTTP/2 Protocol Exposes ‘MadeYouReset’ Vulnerability, Enabling Large-Scale DDoS Attacks

HTTP/2 Protocol Exposes 'MadeYouReset' Vulnerability, Enabling Large-Scale DDoS Attacks

Part01 Vulnerability Overview Security researchers have discovered a new type of Denial of Service (DoS) vulnerability in the implementation of the HTTP/2 protocol, named “MadeYouReset” (CVE-2025-8671). This vulnerability was publicly disclosed on August 13, 2025, marking a significant escalation in threats related to network protocols. Attackers can exploit this vulnerability to bypass built-in concurrency limits, … Read more

CVE-2025-32463: Local Privilege Escalation via Linux sudo chroot

CVE-2025-32463: Local Privilege Escalation via Linux sudo chroot

🚶🚶Every step counts. 0x01 Introduction <span>sudo chroot</span> is a powerful command combination in Linux systems that allows switching to a specified directory with superuser privileges and running commands or starting sessions with that directory as the new root directory. <span>sudo</span> is used to obtain administrative privileges, while <span>chroot</span> (change root) sets the specified directory as … Read more

Bypassing HttpOnly for Escalating Vulnerability Impact

Bypassing HttpOnly for Escalating Vulnerability Impact

The vulnerabilities described in this article have been fixed. Please do not conduct unauthorized penetration testing. Original source: https://sallam.gitbook.io/sec-88/write-ups/how-we-turned-a-medium-xss-into-a-high-bounty-by-bypassing-httponly-cookie Content The target application is a common website translation platform that includes team management, project management, and an AI feature module. During testing for privilege escalation and injection attacks, I discovered an interesting input field in … Read more

Breaking! Major Vulnerability Discovered in RISC-V – Non-Self-Sufficient = Not Absolutely Secure

Breaking! Major Vulnerability Discovered in RISC-V - Non-Self-Sufficient = Not Absolutely Secure

The Xi’an University of Technology has discovered a vulnerability in the RISC-V processor.The official announcement from Xi’an University of Technology states that Professor Hu Wei’s team from the School of Cyberspace Security has uncovered a medium-risk vulnerability in the RISC-V SonicBOOM processor design, which has been specifically named by the National Computer Network Emergency Response … Read more

High-Risk Vulnerability Alert: Linux Kernel XFRM Double Free Vulnerability CVE-2025-38500

High-Risk Vulnerability Alert: Linux Kernel XFRM Double Free Vulnerability CVE-2025-38500

Vulnerability Description: In the XFRM interface, the collect_md attribute can only be set during device creation. Therefore, if change_link() is called on an interface of type collect_md, it should directly return a failure. However, the check that was originally intended to enforce this restriction is only performed when locate() returns xi, but locate() itself does … Read more

Command Execution Vulnerability in MajorDoMo Smart Home Platform (Includes POC and EXP)

Command Execution Vulnerability in MajorDoMo Smart Home Platform (Includes POC and EXP)

Disclaimer: Please do not use the techniques mentioned in this article for illegal testing. Any direct or indirect consequences and losses caused by the dissemination or use of the information or tools provided in this article are the sole responsibility of the user. The author of this article is not responsible for any adverse consequences. … Read more

Linux Kernel Netfilter Vulnerability Allows Privilege Escalation for Attackers

Linux Kernel Netfilter Vulnerability Allows Privilege Escalation for Attackers

Shake Network Technology NewsClick the right to follow for the latest technology news!Part01 Vulnerability Overview A high-risk vulnerability has been discovered in the ipset subsystem of the Linux kernel netfilter, allowing local attackers to escalate privileges to root level. This vulnerability exists in the bitmap:ip implementation of the ipset framework, stemming from insufficient range validation … Read more