695 matches found

VulnCheck KEV
added 2025/09/24 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2025-20352

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS...

CVSS 7.7 | AI score 6.3 | EPSS 0.04199
In wild | Exploits 1 | References 8

Positive Technologies
added 2025/09/24 12:0 a.m. | 5 views

PT-2025-39307

Name of the Vulnerable Software and Affected Versions: Cisco IOS and IOS XE Software versions prior to IOS XE 17.15.4a. Description: A vulnerability exists in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software. This flaw, a stack overflow condition, allows an...

CVSS 9 | AI score 9.6 | EPSS 0.04199
Exploits 1 | References 184

Snyk
added 2025/09/23 4:59 a.m. | 1 views

Uncontrolled Search Path Element

Overview: Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the safe_asterisk script, which sources all .sh files in the /etc/asterisk/startup.d/ directory as root without validating ownership or permissions. An attacker can execute arbitrary code with root...

CVSS 7 | AI score 7.6 | EPSS 0.00052
Exploits 1 | References 2

CNNVD
added 2025/09/22 12:0 a.m. | 1 views

2wcom IP-4c Security Vulnerability

The 2wcom IP-4c is an audio codec device from the German company 2wcom. A security vulnerability exists in the 2wcom IP-4c version 2.16, which originates from a web interface that allows administrator and manager users to execute arbitrary code as root via the ping or traceroute fields on the...

CVSS 8.8 | AI score 7.6 | EPSS 0.00138
Exploits 0 | References 3

Tenable Nessus
added 2025/09/06 12:0 a.m. | 1 views

Amazon Linux 2 : mock, --advisory ALAS2MOCK-2025-001 (ALASMOCK-2025-001)

The version of mock installed on the remote host is prior to 1.4.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MOCK-2025-001 advisory. The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the...

CVSS 9.8 | AI score 8.1 | EPSS 0.0067
Exploits 1 | References 4

Tenable Nessus
added 2025/09/03 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-6395

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with roo...

CVSS 9.8 | AI score 8 | EPSS 0.0067
Exploits 1 | References 2

Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-2320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of prope...

CVSS 7.8 | AI score 7.6 | EPSS 0.00062
Exploits 0 | References 2

Tenable Nessus
added 2025/08/30 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-23124

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit th...

CVSS 9.8 | AI score 6.5 | EPSS 0.00934
Exploits 0 | References 2

CVE
added 2025/08/27 12:0 a.m. | 18 views

CVE-2025-50989

OPNsense before 25.1.8 suffers an authenticated command injection in the Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The POST parameter span is concatenated into a system-level command without sanitization, allowing an administrator to inject arbitrary shell commands and payloads...

CVSS 9.1 | AI score 8.2 | EPSS 0.01488
Exploits 1 | References 2 | Affected Software 1

Positive Technologies
added 2025/08/27 12:0 a.m. | 3 views

PT-2025-34873

Name of the Vulnerable Software and Affected Versions: OPNsense version 25.1. Description: OPNsense version 25.1 contains an authenticated command injection issue in the Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command...

CVSS 8.8 | AI score 8 | EPSS 0.01488
Exploits 1 | References 6

Positive Technologies
added 2025/08/26 12:0 a.m. | 2 views

PT-2025-34775 · Linksys · Linksys Re6250 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 version 1.0.013.001, Linksys RE6300 version 1.0.013.001, Linksys RE6350 version 1.0.013.001, Linksys RE6500 version 1.0.013.001, Linksys RE7000 version 1.0.013.001, Linksys RE9000 version 1.0.013.001, Linksys RE6250 version 1.0.04.00...

CVSS 9 | AI score 9.2 | EPSS 0.00516
Exploits 1 | References 12

RedhatCVE
added 2025/08/24 12:13 a.m. | 2 views

CVE-2025-55581

D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the dcp and signalc binaries without validating their integrity, origin, or permissions. An attacker with filesystem access...

CVSS 7.3 | AI score 8.2 | EPSS 0.00042
Exploits 1 | References 1

Tenable Nessus
added 2025/08/24 12:0 a.m. | 0 views

Linux Distros Unpatched Vulnerability : CVE-2018-14722

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a...

CVSS 9.3 | AI score 7.4 | EPSS 0.02201
Exploits 0 | References 2

Vulnrichment
added 2025/08/22 12:0 a.m. | 3 views

CVE-2025-55581

D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the dcp and signalc binaries without validating their integrity, origin, or permissions. An attacker with filesystem access...

AI score 7.5 | EPSS 0.00042
Exploits 1 | References 3

CVE
added 2025/08/22 12:0 a.m. | 16 views

CVE-2025-55581

CVE-2025-55581 affects the D-Link DCS-825L firmware (1.08.01 and possibly earlier). The vulnerability lies in the mydlink-watch-dog.sh watchdog script, which restarts the dcp and signalc binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (for e...

CVSS 7.3 | AI score 7.5 | EPSS 0.00042
Exploits 1 | References 3 | Affected Software 1

Zero Day Initiative
added 2025/08/20 12:0 a.m. | 3 views

NVIDIA Isaac-GR00T TorchSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Isaac-GR00T. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TorchSerializer class. The issue results from the lack of proper validation of...

CVSS 9.8 | AI score 7.5 | EPSS 0.0005
Exploits 0 | References 1

Zero Day Initiative
added 2025/08/20 12:0 a.m. | 2 views

(Pwn2Own) NVIDIA Triton Inference Server LoadFromSharedMemory Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NVIDIA Triton Inference Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LoadFromSharedMemory function. The issue results from the lac...

CVSS 5.9 | AI score 5.9 | EPSS 0.00185
Exploits 0 | References 1

Zero Day Initiative
added 2025/08/20 12:0 a.m. | 2 views

(Pwn2Own) NVIDIA Triton Inference Server SharedMemoryManager Error Message Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NVIDIA Triton Inference Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SharedMemoryManager class. The issue results from outputting ...

CVSS 7.5 | AI score 6.1 | EPSS 0.00267
Exploits 0 | References 1

CNVD
added 2025/08/18 12:0 a.m. | 1 views

Kenwood DMX958XR Command Injection Vulnerability (CNVD-2025-20294)

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a command injection vulnerability that can be exploited by an attacker to execute code in a root context...

CVSS 6.8 | AI score 8.1 | EPSS 0.00174
Exploits 0 | References 1

CNVD
added 2025/08/18 12:0 a.m. | 2 views

Kenwood DMX958XR Command Injection Vulnerability (CNVD-2025-20423)

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a command injection vulnerability that can be exploited by an attacker to execute code in a root context...

CVSS 6.8 | AI score 8.1 | EPSS 0.00174
Exploits 0 | References 1