1566 matches found

CNNVD
added 2025/06/18 12:0 a.m., 0 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from arm_scpi not clearing scpi_info when probing fails, resulting in a use-after-free...

7.8 CVSS, 6.5 AI score, 0.00161 EPSS
Exploits 0, References 8

Tenable Nessus
added 2025/06/11 12:0 a.m., 15 views

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1635)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: ipv4: Fix a data-race around sysctl_fib_sync_mem (CVE-2022-49637); ima: Fix potential memory leak in ima_init_crypto (CVE-2022-49627); MIPS: pgalloc: fix...

7.8 CVSS, 7.2 AI score, 0.00305 EPSS
Exploits 0, References 141

The Hacker News
added 2025/06/04 12:55 p.m., 18 views

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems. According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a...

8.8 CVSS, 7.8 AI score, 0.80454 EPSS
Exploits 7

OSV
added 2025/06/04 6:15 a.m., 5 views

CVE-2025-5573

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. T...

9.8 CVSS, 5.6 AI score, 0.09508 EPSS
Exploits 1, References 5

RedhatCVE
added 2025/05/23 6:32 a.m., 3 views

CVE-2024-9413

The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware...

8 CVSS, 7.3 AI score, 0.00365 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 5:6 a.m., 21 views

CVE-2023-5754

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks, allowing an attacker to gain full control of the system...

9.8 CVSS, 7.4 AI score, 0.00494 EPSS
Exploits 1

RedhatCVE
added 2025/05/23 4:3 a.m., 7 views

CVE-2023-37273

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

8.8 CVSS, 7.3 AI score, 0.00341 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 2:6 a.m., 8 views

CVE-2023-47889

The Android application BINHDRM26 com.bdrm.superreboot 1.0.3 exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly...

7.8 CVSS, 6.9 AI score, 0.00274 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 11:46 p.m., 3 views

CVE-2022-42897

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected...

9.8 CVSS, 8 AI score, 0.01504 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 11:16 p.m., 19 views

CVE-2022-36438

AsusSwitch.exe on ASUS personal computers running Windows sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0...

7.8 CVSS, 7 AI score, 0.00163 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 11:6 p.m., 4 views

CVE-2022-34907

An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform...

9.8 CVSS, 7.6 AI score, 0.15824 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 10:10 p.m., 3 views

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

6 CVSS, 6.7 AI score, 0.00164 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 8:53 p.m., 9 views

CVE-2021-37292

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with admin highest privileges and obtain system control...

9 CVSS, 7 AI score, 0.0662 EPSS
Exploits 2, References 1

RedhatCVE
added 2025/05/22 6:43 p.m., 4 views

CVE-2021-39296

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system...

10 CVSS, 7.3 AI score, 0.02914 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 3:50 p.m., 13 views

CVE-2020-12107

The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allows full control over this module's Operating System...

9.8 CVSS, 7.5 AI score, 0.02089 EPSS
Exploits 0

OSSF Malicious Packages
added 2025/05/16 2:35 a.m., 3 views

Malicious code in ideals-utils (npm)

Source: ghsa-malware (9dc50c85c983d6fae92067eec047d6e22d93ddd342cca6345a30c7e42c4e37fc). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

Positive Technologies
added 2025/04/17 12:0 a.m., 4 views

PT-2025-16963 · Unknown · Alfa Campro-Co

Name of the Vulnerable Software and Affected Versions: ALFA CAMPRO-co version 2.29. Description: A Buffer Overflow issue allows a remote attacker to execute arbitrary code via the newap text 0 key value. This enables the attacker to potentially gain control over the system. Recommendations: For AL...

9.8 CVSS, 7.5 AI score, 0.0087 EPSS
Exploits 1, References 6

CNNVD
added 2025/04/08 12:0 a.m., 4 views

Microsoft Office resource management error vulnerability

Microsoft Office is an office software suite of products from the U.S. company Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

7.8 CVSS, 8 AI score, 0.01024 EPSS
Exploits 0, References 2

CNNVD
added 2025/04/08 12:0 a.m., 1 views

SAP S/4HANA code injection vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A code injection vulnerability exists in SAP S/4HANA that originates from the injection of arbitrary ABAP code into a function module, which could result in full control of...

9.9 CVSS, 7.2 AI score, 0.00745 EPSS
Exploits 0, References 2

NVD
added 2025/04/01 9:15 a.m., 23 views

CVE-2024-56325

Authentication Bypass Issue: If the path does not contain "/" and contains ".", authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d...

9.8 CVSS, 0.7666 EPSS
Exploits 0, References 2