Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Firmware: armscmi: A consistency check is performed on the mailbox/SMT channel. Upon receiving a completion interrupt, the shared memory area is accessed to retrieve the message header first. If the message sequence number...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Added a lock to protect the encoder context list. A lock was added for the ctxlist to prevent accessing a NULL pointer within the 'vpuencipihandler' function when the ctxlist is deleted due to an unexpect...

PT-2026-34329

Name of the Vulnerable Software and Affected Versions camel-infinispan affected versions not specified Description Unsafe deserialization exists in the ProtoStream remote aggregation repository. A remote attacker with low privileges can send specially crafted data to achieve arbitrary code...

CVE-2025-15037

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and...

CVE-2026-23316

CVE-2026-23316 – Linux kernel ARM64 multipath hash seed alignment fix . The issue arises in the ARM64 Linux kernel when reading the 8-byte struct sysctl_fib_multipath_hash_seed (user_seed and mp_seed) atomically with READ_ONCE(). Under Clang+LTO, this full-structure read emits a 64-bit load-acqui...

CVE-2026-4606 GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege

GV Edge Recording Manager ERM v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is...

ROS-20260319-73-0024

A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to access differentiation flaws. Exploitation of the vulnerability could allow an attacker to gain full control over the system...

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

ANGEET ES3 KVM 安全漏洞

ANGEET ES3 KVM is a KVM switch device from theANGEET company that enables remote control of keyboards, video, and mice through the network. The ANGEET ES3 KVM has a security vulnerability; this vulnerability stems from allowing remote, unauthenticated attackers to write arbitrary files, potential...

CVE-2025-15037

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and...

CVE-2025-15037

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and...

EUVD-2025-208607

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and...

CVE-2025-15037

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and...

CVE-2025-15037

CVE-2025-15037 affects the ASUS Business System Control Interface driver. An unprivileged local user can trigger a crafted IOCTL request, potentially leading to unauthorized access to hardware resources and kernel information disclosure. References point to the ASUS Security Advisory for details....

PT-2026-24909

🚨 CVE-2025-15037 An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive...

Bosch Infotainment ECU 安全漏洞

The Bosch Infotainment ECU is an in-car entertainment system developed by the German company Bosch. The Bosch Infotainment ECU has a security vulnerability, which stems from the lack of kernel module signature verification. This vulnerability could allow attackers to load custom kernel modules an...

VulnCheck KEV: CVE-2025-70795

STProcessMonitor Driver contains an insecure IOCTL vulnerability that allows local attackers to terminate arbitrary kernel processes by bypassing validation. Attackers can exploit the exposed process termination functionality to disable security products and gain control of the affected system...

Directory Traversal

Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Directory Traversal due to the improper sanitization of nested traversal sequences e.g., ....// in multiple API endpoints. An attacker can gain full syst...

EUVD-2023-48032

EVE Freely Allocates Buffer on The Stack With Data From Socket...