6176 matches found
Socomec DIRIS Digiware M-70 Access Control Error Vulnerability
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from th...
CVE-2025-58311
UAF vulnerability in the USB driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...
CVE-2025-58311
CVE-2025-58311 describes a use-after-free (UAF) vulnerability in the USB driver module, linked to Huawei HarmonyOS and EMUI. Exploitation can affect availability and confidentiality. Connected sources specify the issue originates from a post-release reuse in the USB driver, with documented impact...
CVE-2025-51746
An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...
EUVD-2025-199648
An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...
CVE-2025-51742
An issue was discovered in jishenghua JSHERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject, introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads...
kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...
kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...
Schneider Electric PowerChute Serial Shutdown Installed (Windows)
Binary data schneiderelectricpowerchuteserialshutdown.nbin...
CVE-2025-51746
CVE-2025-51746 affects jishenghua JSH_ERP 2.3.1. The vulnerability is in the /serialNumber/addSerialNumber endpoint and arises from fastjson deserialization, with CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8, CRITICAL). Exploitation details are not provided in the connected docu...
PT-2025-48085
An issue was discovered in jishenghua JSH ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...
Schneider Electric PowerChute Serial Shutdown < 1.4.0 Multiple Vulnerabilities
The version of Schneider Electric PowerChute Serial Shutdown installed on the remote host is prior to 1.4.0. It is, therefore, affected by an elevation of privilege vulnerability. Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. Note that...
Grub2: grub2: out-of-bounds write via malicious usb device
...
PT-2026-2505
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the fsl-cpm driver within the Linux kernel related to handling transfer sizes during SPI communication. A commit intended to optimize large transfers by switching to...
TencentOS Server 4: kernel (TSSA-2025:0047)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0047 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
EUVD-2025-198081
A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...