Brokenlink hijacking POC by pphreak_1001 for juste

🛡️ MSRC Advisory: [nvme-fc] Patch Released for [CVE-2025-40342] The advisory relates to a lock usage issue when accessing port_state and rport state within nvme-fc. Further details regarding the specific impact are not available at this time.

Read more on MSRC: msrc.microsoft.com/update-guide/v…

🛡️ MSRC Advisory: [SMB Client] Patch Released for [CVE-2025-40328] Use-after-free (UAF) vulnerability in `smb2_close_cached_fid()`. This flaw could allow an attacker to potentially execute arbitrary code or cause a denial of service due to memory corruption.

Read more on MSRC: msrc.microsoft.com/update-guide/v…

🛡️ MSRC Advisory: [btrfs] Patch Released for [CVE-2025-40303] The btrfs filesystem may write dirty metadata to a filesystem with errors. Details about this vulnerability have been published.

Read more on MSRC: msrc.microsoft.com/update-guide/v…

🛡️ MSRC Advisory: [Unknown] Patch Released for [CVE-2025-40297] Fixes a use-after-free vulnerability in the network bridge component due to MST port state bypass. Requires further investigation to determine the full impact and exploitability.

Read more on MSRC: msrc.microsoft.com/update-guide/v…

🛡️ MSRC Advisory: [Bluetooth] Patch Released for [CVE-2025-40301] Information Disclosure vulnerability in Bluetooth due to improper validation of skb length. An attacker could potentially exploit this to gain sensitive information.

Read more on MSRC: msrc.microsoft.com/update-guide/v…

🛡️ MSRC Advisory: [ALSA usb-audio] Patch Released for [CVE-2025-40275] NULL pointer dereference vulnerability in snd_usb_mixer_controls_badd. Exploitation could lead to a denial of service or potentially code execution. Information published.

Read more on MSRC: msrc.microsoft.com/update-guide/v…

🛡️ MSRC Advisory: [VMware Graphics Driver] Patch Released for [CVE-2025-40277] The VMware graphics driver is vulnerable due to insufficient validation of command header size. Details of the vulnerability have been published, potentially leading to exploitation.

Read more: github.com/esm-dev/esm.sh

🚨 New exploit discovered in [esm-dev] — [CVE-2025-59342] esm-dev version 136 is vulnerable to path traversal. By manipulating the 'X-Zone-Id' header, an attacker can access sensitive files due to insufficient path validation.

Read more: pgj11.com

🚨 New exploit discovered in [Summar Employee Portal] — [CVE-2025-40677] Summar Employee Portal 3.98.0 is vulnerable to authenticated SQL injection. An attacker can manipulate the database by sending a POST request to '/MemberPages/quienesquien.aspx'.

Read the full ZDI Advisory: zerodayinitiative.com/advisories/ZDI…

☣️ ZDI Disclosure: [Tencent HunyuanVideo] Vulnerability - [CVE-2025-13710] Remote code execution vulnerability in Tencent HunyuanVideo due to deserialization of untrusted data. User interaction (visiting a malicious page or opening a file) is required to trigger the RCE.

Read the full ZDI Advisory: zerodayinitiative.com/advisories/ZDI…

☣️ ZDI Disclosure: [Tencent NeuralNLP] Vulnerability - [CVE-2025-13708] Remote code execution vulnerability in Tencent NeuralNLP-NeuralClassifier due to deserialization of untrusted data in _load_checkpoint. User interaction is required. No patch available.