EUVD-2026-2508

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests allocated with sockkmalloc were left uninitialized, relying on callers to set fields explicitly. This resulted in the...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2508)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2025-25883

Malicious code in bioql PyPI...

CVE-2025-43729

Dell ThinOS 10, versions prior to 250810.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access...

CVE-2025-43728

Dell ThinOS 10, versions prior to 250810.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

CVE-2025-43730

Dell ThinOS 10 is affected by an Improper Neutralization of Argument Delimiters in a Command (Argument Injection) vulnerability. Affected: Dell ThinOS 10 before 2508_10.0127. Impact per sources: local elevation of privileges and information disclosure for a local unauthenticated user. Root cause:...

PT-2025-34864

Name of the Vulnerable Software and Affected Versions: Dell ThinOS 10 versions prior to 2508 10.0127 Description: Dell ThinOS 10 contains a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this issue, leading to a bypass of the...

PT-2025-34868

Name of the Vulnerable Software and Affected Versions: Dell ThinOS 10 versions prior to 2508 10.0127 Description: Dell ThinOS 10 is susceptible to an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' issue. A local unauthenticated user could potentially exploit this...

PT-2025-34867

Name of the Vulnerable Software and Affected Versions: Dell ThinOS versions prior to 2508 10.0127 Description: Dell ThinOS 10 contains an Incorrect Permission Assignment for Critical Resource. A local low-privileged attacker could potentially exploit this issue, leading to Elevation of Privileges...

CVE-2022-2508

In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging...

CVE-2005-2508

dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts...

Qnap QTS Command Injection (CVE-2020-2508)

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 and...

CVE-2024-2508

creationtimestamp| type| source ---|---|--- 2024-07-31 11:49:15+00:00| seen| https://t.me/cvedetector/2128...

CVE-2024-2508

CVE-2024-2508 affects the WordPress plugin WP Mobile Menu (versions up to 2.8.4.4). The vulnerability arises from a missing capability check in the save_menu_item_icon function, enabling unauthenticated attackers to modify data by adding the post meta key '_mobmenu_icon' with a crafted value on a...

WordPress WP Mobile Menu Plugin <= 2.8.4.4 is vulnerable to Broken Access Control

Software WP Mobile Menu Type Plugin Vulnerable versions = 2.8.4.4 Fixed in 2.8.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2508 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a69747222ff0 Credits 1337Wannabe Required privileg...

Amazon Linux 2 : python-pillow (ALAS-2024-2508)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2508 advisory. An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory t...

MAL-2024-403 Malicious code in wlwz-2312-2508 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbd040bc1e14413b4ba0e610f9502ea454fe3828a920b4f5ba3386e724d243d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in wlwz-2312-2508 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbd040bc1e14413b4ba0e610f9502ea454fe3828a920b4f5ba3386e724d243d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-2508

creationtimestamp| type| source ---|---|--- 2023-09-20 20:30:17+00:00| seen| https://t.me/cibsecurity/70806...

CVE-2023-2508

The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...