CVE-2025-68243

The CVE affects the Linux kernel NFS client TLS/X.509 handling in nfs_match_client(). When RPC_XPRTSEC_TLS_X509 is used, the cert_serial and privkey_serial fields must match to validate the client identity; otherwise, there can be unintended session reuse. The issue has been resolved in the Linux...

CVE-2025-68217

Technical details for CVE-2025-68217 are not publicly provided in the supplied connected documents. The initial description outlines an out-of-bounds risk in the pegasus_notetaker driver, but no concrete technical specifics (vendor/version, exploit, or patch) are included here. Monitor for updates.

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper serial device detection and could lead to null pointer dereferencing...

Linux Distros Unpatched Vulnerability : CVE-2025-68194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: imon: make sendpacket more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock 1. First...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of a contention condition in dwc3removerequests, which could lead to the premature release of U...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a memory leak in USB bulk transfers, which could lead to a data leak...

PT-2025-51630

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The pegasus notetaker driver contains a flaw where the pegasus probe function allocates a URB transfer buffer based on a potentially manipulated wMaxPacketSize value from a USB endpoint...

Linux Distros Unpatched Vulnerability : CVE-2025-68311

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tty: serial: ip22zilog: Use platform device for probing After commit 84a9582fd203 serial: core: Start managing serial controllers to enable runtime PM serial...

CVE-2025-36753

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...

EUVD-2025-203318

A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. The...

PT-2025-51181

Name of the Vulnerable Software and Affected Versions Ugreen DH2100+ versions up to 5.3.0 Description A flaw exists in the USB Handler component of Ugreen DH2100+ that allows for symlink following. This issue can be directly exploited on the physical device. The exploit has been publicly disclose...

UGREEN DH2100+ 安全漏洞

UGREEN DH2100+ is a private cloud storage device from China Greenlink UGREEN. A security vulnerability exists in UGREEN DH2100+ version 5.3.0 and earlier, which stems from a symbolic link following issue in the USB Handler component...

EUVD-2025-203255

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...

CVE-2025-36753

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...

CVE-2025-36753 SWD Interface Open on Growatt ShineLan-X

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...

CVE-2025-36753

The CVE-2025-36753 entry concerns the Growatt ShineLan-X dongle with the SWD debug interface enabled by default. The exposed SWD interface allows an attacker to gain debug access and potentially extract secrets or domains from the device. The root cause is the default-access SWD debug interface; ...

PT-2025-51102

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...

Growatt ShineLan-X 安全漏洞

Growatt ShineLan-X is a data logger for PV inverters from Growatt China. A security vulnerability exists in Growatt ShineLan-X, which stems from the SWD debugging interface enabled by default and could lead to the extraction of device secrets or domains...

CVE-2025-40345

In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound newpba Discovered by Atuin - Automated Vulnerability Discovery Engine. newpba comes from the status packet returned after each write. A bogus device could report values beyond the block...

CVE-2025-14566

A security flaw has been discovered in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The impacted element is an unknown function of the file /Profilers/SProfile/reg.php. Performing a manipulation of the argument USN results in sql injection. It is possible to initia...