EUVD-2025-204451

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands...

CVE-2025-66174

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands...

EUVD-2025-204452

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...

CVE-2025-66173

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...

CVE-2025-66173

There is a privilege-escalation vulnerability in Hikvision DVR products caused by improper authentication for the serial port. An attacker with physical access can connect to the affected device and gain access to an unrestricted shell environment. The issue is documented across multiple sources ...

CVE-2025-66173

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...

SUSE CVE-2025-68282

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: udc: fix use-after-free in usbgadgetstatework A race condition during gadget teardown can lead to a use-after-free in usbgadgetstatework, as reported by KASAN: BUG: KASAN: invalid-access in sysfsnotify+0x2c/0xd0...

Hikvision DVR DS-7204HGHI-F1 安全漏洞

The Hikvision DVR DS-7204HGHI-F1 is a hard disk recorder from Hikvision China. A security vulnerability exists in the Hikvision DVR DS-7204HGHI-F1 that originates from improper serial port authentication and could result in the execution of a series of commands...

PT-2025-52416

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands...

Hikvision DVR DS-7204HGHI-F1 安全漏洞

Hikvision DVR DS-7204HGHI-F1 is a hard disk recorder from Hikvision, a Chinese company. A security vulnerability exists in the Hikvision DVR DS-7204HGHI-F1 that stems from improper serial port authentication, which could result in elevated privileges...

PT-2025-52415

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...

Konica Bizhub Multifunction Printers Insertion of Sensitive Information into Externally-Accessible File or Directory (CVE-2025-8452)

Through the use of eSCL or SNMP protocols, an attacker can retrieve the serial number of a printer. By applying the attack technique described in CVE-2024-51978, the default administrator password can be derived from the obtained serial number. Consequently, if the administrator password has not...

SUSE SLES16 Security Update : grub2 (SUSE-SU-2025:21212-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:21212-1 advisory. Changes in grub2: - CVE-2025-54771: Fixed grubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-54770:...

CVE-2025-68323

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec-work The delayed work uec-work is scheduled in gaokunucsiprobe but never properly canceled in gaokunucsiremove. This creates use-after-free scenarios where the ucsi and gaokunucs...

usb: gadget: f_eem: Fix memory leak in eem_unwrap

...

usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths

...

most: usb: fix double free on late probe failure

...

usb: storage: Fix memory leak in USB bulk transport

...

can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs

...

kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...