2249 matches found
CVE-2025-58355 Soft Serve is vulnerable to arbitrary file writing through its SSH API
Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...
CVE-2025-47421 Privilege escalation via SCP login
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection. This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead...
CVE-2025-9817
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service...
AZL-66770 CVE-2025-9817 affecting package wireshark 4.4.7-1
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service...
CVE-2025-9817
CVE-2025-9817 is a vulnerability in Wireshark related to an SSH dissector crash. The initial entry notes Wireshark 4.4.0–4.4.8 as affected, enabling denial of service. Connected advisories confirm broader impact across multiple distributions (Debian, SUSE, Red Hat, AlmaLinux, Oracle Linux, Rocky L...
Exploit for Use After Free in Microsoft
CVE-2025-27480 CVE‑2025‑27480 – Remote Code Execution in O...
PT-2025-35721
Name of the Vulnerable Software and Affected Versions: CRESTRON TOUCHSCREENS x70 versions 3.001.0031.001 through 3.001.0034.001 Description: An improper neutralization of argument delimiters in a command 'Argument Injection' vulnerability exists in CRESTRON TOUCHSCREENS x70. A specially crafted S...
Wireshark code issue vulnerability
Wireshark (formerly known as Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A code issue vulnerability exists in Wireshark versions 4.4.0 through 4.4.8, which stem...
PT-2025-35699
Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.4.0 through 4.4.8 Description: The SSH dissector in Wireshark is susceptible to a crash, potentially leading to a denial of service. Recommendations: Upgrade Wireshark to a newer version to address this issue...
CVE-2025-9696
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
CVE-2025-9696
CVE-2025-9696 concerns SunPower PVS6 BluetoothLE security. The vulnerability arises from the device’s Bluetooth Low Energy interface using hardcoded encryption parameters and publicly accessible protocol details, enabling an attacker in Bluetooth range to gain full access to the servicing interfa...
CVE-2025-9696 Use of Hard-coded Credentials in SunPower PVS6
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
CVE-2025-52548
E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...
CVE-2025-52548 Enabling SSH and Shellinabox on the vulnerable machine
E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...
PT-2025-35584
Name of the Vulnerable Software and Affected Versions: SunPower PVS6 affected versions not specified Description: The SunPower PVS6’s BluetoothLE interface is vulnerable due to the use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range...