188 matches found
EUVD-2025-5954
Malicious code in bioql PyPI...
Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks
Palo Alto, California, 18th September 2025, CyberNewsWire...
CVE-2025-9527 Linksys E1700 QoSSetup stack-based overflow
A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ackpolicy results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be...
CVE-2025-38665 can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode
In the Linux kernel, the following vulnerability has been resolved: can: netlink: canchangelink: fix NULL pointer deref of struct canpriv::dosetmode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct...
CVE-2025-38665
In the Linux kernel, the following vulnerability has been resolved: can: netlink: canchangelink: fix NULL pointer deref of struct canpriv::dosetmode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct...
Linux Distros Unpatched Vulnerability : CVE-2023-52919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfc: nci: fix possible NULL pointer dereference in sendacknowledge Handle memory allocation failure from nciskballoc calling allocskb to avoid possible NULL...
SUSE CVE-2025-38437
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbdiovpinrsp return error, use-after-free can happen by accessing opinfo-state and opinfoput and ksmbdfdput could called twice...
DEBIAN-CVE-2025-38437
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbdiovpinrsp return error, use-after-free can happen by accessing opinfo-state and opinfoput and ksmbdfdput could called twice...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a potential post-release usage issue in the lease break acknowledgement path...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463 - sudo chroot Usage docker build -t cv...
quiche -- Multiple vulnerabilities
Quiche Releases reports: This update includes 2 security fixes: Medium CVE-2025-4820: Incorrect congestion window growth by optimistic ACK. Reported by Louis Navarre on 2025-06-18. High CVE-2025-4821: Incorrect congestion window growth by invalid ACK ranges. Reported by Louis Navarre on 2025-06-1...
CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error
CWA-2025-006: Improper error handling may lead to IBC channel opening despite error Severity High Considerable + Likely^1 Affected versions: - wasmd 0.60.0 - wasmd = 0.51.0 0.55.1 Patched versions: - wasmd 0.60.1, 0.55.1, 0.54.1, 0.53.3 Description of the bug A contract erroring during IBC channe...
GHSA-RR8G-9FPQ-6WMG Tokio broadcast channel calls clone in parallel, but does not require `Sync`
The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...
GO-2025-3517 Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt in github.com/cosmos/ibc-go
Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt in github.com/cosmos/ibc-go...
cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement
Description An issue was discovered in IBC-Go's deserialization of acknowledgements that results in non-deterministic behavior which can halt a chain. Any user that can open an IBC channel can introduce this state to the chain. This an upstream dependency used in cheqd-node, rather than a custom...
GO-2025-3494 IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement in github.com/cosmos/ibc-go
IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement in github.com/cosmos/ibc-go...
DoS in Cilium agent DNS proxy from crafted DNS responses
Impact In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an attacker can crash Cilium agents by sending a crafted DNS response to workloads from outside the cluster. For traffic that is allowed but without using DNS-based policy, the dataplane will continue to pass traffic ...
Open5GS 安全漏洞
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS, which can be exploited to cause a denial of service by an attacker who sends a "Switch Request ACK" message missing th...
How to handle vulnerability reports in aviation
TL;DR Always thank researchers for reporting vulnerabilities. Acknowledging their efforts can set the right tone. Lead all communications with researchers. Don’t let legal or PR teams take over. Provide regular updates to avoid miscommunication. Keep researchers informed throughout the process. W...
PT-2024-36917
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability has been resolved in the Linux kernel related to the wifi driver rtw88. When removing kernel modules, the driver uses skb queue purge to purge TX skb but does not report ...