8322 matches found
CVE-2025-57428
The CVE-2025-57428 entry concerns Italy Wireless Mini Router WIRELESS-N 300M, firmware v28K.MiniRouter.20190211. Publicly available material confirms a default Telnet debug interface on port 23, with admin/admin credentials, granting access to a low-level shell. The exploit log shows commands suc...
Windows Silent Process Exit Persistence
Windows allows you to set up a debug process when a process exits. This Metasploit module uploads a payload and declares that it is the debug process to launch when a specified process exits. This module requires Metasploit: https://metasploit.com/download Current source:...
Italy Wireless WIRELESS-N 300M Security Vulnerability
Italy Wireless WIRELESS-N 300M is a MiniRouter from Italy Wireless, Italy. A security vulnerability exists in the Italy Wireless WIRELESS-N 300M v28K.MiniRouter.20190211 version, which originates from the default credentials, and could lead to an attacker accessing the debug shell and executing...
PT-2025-39828
Name of the Vulnerable Software and Affected Versions: Italy Wireless Mini Router WIRELESS-N 300M version v28K.MiniRouter.20190211. Description: Default credentials in the Italy Wireless Mini Router WIRELESS-N 300M version v28K.MiniRouter.20190211 allow attackers to access the debug shell exposed vi...
Exploit for CVE-2025-57428
CVE-2025-57428 - Telnet debug interface enabled by default all...
CVE-2025-9984
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifu_api_debug_posts function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protect...
CVE-2025-59834
ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tool definition and implementatio...
Insertion Of Sensitive Information Into Log File
github.com/edgelesssys/contrast vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to the logging configuration. An attacker can access sensitive information by exploiting the log output when the log level is set to info or debug...
CVE-2025-59834 Command Injection in adb-mcp MCP Server
ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tool definition and implementatio...
Do Not Start the debug-shell Service
The debug-shell service is used to locate faults that occur during system boot. This service is installed with systemd. The debug-shell service requires no authentication, that is, attackers can access the root shell by simply pressing Ctrl+Alt+F9 during systemd startup when the OS is booting. Th...
Command Injection
Overview: adb-mcp is an MCP server for Android Debug Bridge (ADB) interactions in TypeScript. Affected versions of this package are vulnerable to Command Injection via the executeAdbCommand function. An attacker can execute arbitrary system commands by supplying specially crafted input to the device...
USN-7766-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...
Arbitrary Code Execution (ACE)
picklescan is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the use of doctest.debug_script to execute remote pickle files, which allows an attacker to execute arbitrary code on the target system...
NVIDIA cuobjdump DWARF debug abbreviations parsing arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2025-2155: NVIDIA cuobjdump DWARF debug abbreviations parsing arbitrary code execution vulnerability. September 24, 2025. CVE Number: CVE-2025-23339. Summary: An arbitrary code execution vulnerability exists in the DWARF parsing functionality of NVIDIA cuobjdump 12.8.55...
PT-2025-39375
Name of the Vulnerable Software and Affected Versions: ADB MCP Server versions 0.1.0 and prior. Description: ADB MCP Server, a Model Context Protocol server for interacting with Android devices through ADB, contains a flaw in its implementation. Versions 0.1.0 and earlier are susceptible to command...
CVE-2025-39871
CVE-2025-39871 relates to the Linux kernel dmaengine idxd driver. The fix removes an improper idxd_free() call that could trigger a duplicate put_device() leading to refcount underflow and a use-after-free during module unload. The issue arises in idxd_remove() and during module exit when CONFIG_...
PT-2025-42779
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s AFS subsystem where a null pointer dereference could occur within the afs_put_server function. Specifically, the function accessed server->debug_id...
Bluetooth: vhci: Prevent use-after-free by removing debugfs files early
...
SUSE CVE-2023-53183
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
SUSE CVE-2025-39843
In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare. set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when enabled CONFIG_DEBUG_OBJECTS_TIMERS,...