
11940 matches found

SUSE CVE
added 2025/07/03 11:28 p.m., 1 view

SUSE CVE-2025-34075

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issue that allows guest VM to modify the host's Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does...

6.6 AI score
Exploits 0, References 3
OSV
added 2025/07/03 9:15 a.m., 1 view

DEBIAN-CVE-2025-38102

In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be triggered in try_grab_folio as follows: ------------ cut here ------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147...

7 CVSS, 5.7 AI score, 0.00063 EPSS
Exploits 0, References 1
OSV
added 2025/07/03 9:15 a.m., 3 views

AZL-64496 CVE-2025-38102 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be triggered in try_grab_folio as follows: ------------ cut here ------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147...

7 CVSS, 6.7 AI score, 0.00063 EPSS
Exploits 0, References 1
OSSF Malicious Packages
added 2025/07/03 7:35 a.m., 3 views

Malicious code in comcastapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31612a7938787ffe91079ad30056051f31a068066752a935bc2123267f409730 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
OSV
added 2025/07/02 9:32 p.m., 4 views

GHSA-HQP6-MJW3-F586 HashiCorp Vagrant has code injection vulnerability through default synced folders

An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...

5.4 CVSS, 6.7 AI score
Exploits 0, References 11
GitHub Security Blog
added 2025/07/02 9:32 p.m., 11 views

HashiCorp Vagrant has code injection vulnerability through default synced folders

An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...

7.3 AI score
Exploits 0, References 10, Affected Software 1
NVD
added 2025/07/02 8:15 p.m., 4 views

CVE-2025-34075

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issue that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended...

Exploits 0
Cvelist
added 2025/07/02 7:26 p.m., 8 views

CVE-2025-34075

...

Exploits 0
CVE
added 2025/07/02 7:26 p.m., 26 views

CVE-2025-34075

CVE-2025-34075 entry is labeled rejected/withdrawn by the CNA. Connected docs describe a guest-to-host code-execution vector in HashiCorp Vagrant via the default synced-folder Vagrantfile exposure: Vagrant mounts the host project directory (including Vagrantfile) into the guest, and an attacker w...

7.2 AI score
Exploits 0
OSSF Malicious Packages
added 2025/07/02 8:45 a.m., 3 views

Malicious code in reqweaver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 186187a80deaba9e48696b9c33ee7d2c73224d43193dcbf3d70bcc8f43569c9d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
RedHat Linux
added 2025/07/02 4:13 a.m., 2 views

podman: podman missing TLS verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

8.3 CVSS, 7.3 AI score, 0.00225 EPSS
Exploits 0, References 6
RubySec
added 2025/07/02 12:0 a.m., 8 views

HashiCorp Vagrant has code injection vulnerability through default synced folders

An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...

6.5 AI score
Exploits 0, References 1, Affected Software 1
RedHat Linux
added 2025/07/01 2:54 a.m., 3 views

podman: podman missing TLS verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

8.3 CVSS, 7.3 AI score, 0.00225 EPSS
Exploits 0, References 6
CNNVD
added 2025/07/01 12:0 a.m., 2 views

Contec CONPROSYS HMI System security vulnerability

Contec CONPROSYS HMI System is an HMI (Human Machine Interface)/SCADA (Supervisory Control and Data Acquisition) software product based on HTML5 technology from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.7.7, which originates from an unauthenticat...

7.5 CVSS, 6.2 AI score, 0.00388 EPSS
Exploits 0, References 2
OSV
added 2025/06/30 9:15 p.m., 2 views

AZL-64449 CVE-2025-32462 affecting package sudo for versions less than 1.9.17-1

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines...

8.8 CVSS, 7 AI score, 0.30014 EPSS
Exploits 12, References 1
The Hacker News
added 2025/06/30 11:0 a.m., 6 views

Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories 

Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromis...

7.1 AI score
Exploits 0
OSSF Malicious Packages
added 2025/06/30 9:8 a.m., 4 views

Malicious code in jsonlogs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de467478eb6a14c26e0545351ab7bf4545a3a66b145512c0b8babc5b8b3a51eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
RedhatCVE
added 2025/06/29 12:6 a.m., 9 views

CVE-2025-44557

A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet...

8.1 CVSS, 6.6 AI score, 0.00102 EPSS
Exploits 0, References 1
OSV
added 2025/06/27 5:15 p.m., 2 views

CVE-2025-46708

Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU...

4.3 CVSS, 5.8 AI score, 0.00108 EPSS
Exploits 0, References 1
NVD
added 2025/06/27 5:15 p.m., 3 views

CVE-2025-44557

A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet...

8.1 CVSS, 0.00102 EPSS
Exploits 0, References 2