7646 matches found
CVE-2025-59459
An attacker that gains SSH access to an unprivileged account may be able to disrupt services including SSH, causing persistent loss of availability...
CVE-2025-59459 Denial-of-service (DoS) via resource consumption
An attacker that gains SSH access to an unprivileged account may be able to disrupt services including SSH, causing persistent loss of availability...
PT-2025-43923
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-10-27. Description: An attacker obtaining SSH access to an unprivileged account may disrupt services, including SSH, leading to persistent unavailability. The issue involves a denial-of-service condition caused by resource...
CVE-2025-34503
Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update...
CVE-2025-34502
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
CVE-2025-34502 Shuffle Master Deck Mate 2 Missing Secure Boot
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
PT-2025-43689
Name of the Vulnerable Software and Affected Versions: Deck Mate 1 (affected versions not specified). Description: Deck Mate 1 executes firmware directly from an external EEPROM without verifying its authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to execu...
PT-2025-43688
Name of the Vulnerable Software and Affected Versions: Deck Mate 2 (affected versions not specified). Description: The Deck Mate 2 device does not have a verified secure-boot chain or runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an...
Light & Wonder Deck Mate Security Vulnerability
Light & Wonder Deck Mate is an automated licensing device from Light & Wonder, UK. A security vulnerability exists in Light & Wonder Deck Mate that stems from a lack of secure boot chain validation and runtime integrity validation, which could allow a physically accessible attacker to modify or...
CVE-2025-54808
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory /tmp on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the...
CVE-2025-1679
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...
EUVD-2025-35687
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...
CVE-2025-1679
CVE-2025-1679 and CVE-2025-1680 concern Moxa Ethernet switches. CVE-2025-1679 is a stored Cross-site Scripting (XSS) in the device web interface: an authenticated admin can inject scripts that affect authenticated users, with impact on the subsequent system’s confidentiality and integrity but not...
PT-2025-43452
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-22432. Description: A persistent connection may occur due to improper input validation within the notifyTimeout function of the CallRedirectionProcessor.java component. This could potentially allow for local escalation of...
MAL-2025-48533 Malicious code in hash-script (npm)
Source: ghsa-malware (797126e9eb0f67390ff12806c31b6cca28e65c31d1eb9b186dbb591b0db9c941). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48518 Malicious code in dist-decoder (npm)
Source: ghsa-malware (9d6276f9115715018347a416b17686c81064ab130b386dacfdbe52f80bf1a2d4). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Stored Cross-Site Scripting (XSS)
decap-cms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization and escaping of user-controlled input fields such as title, description, tags, and body in the admin preview pane, which allows an attacker with low-privilege access to inject...
F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion
U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a "highly sophisticated...
Malicious code in scr-database (npm)
Source: ghsa-malware (3902b02c9664e32f82d280e45ac58ec3cd3bb57766bfbffdb7a11b845f20b9ab). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...