CVE-2025-29228

Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter...

kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

A vulnerability was found in cloneprivatemount in fs/namespace.c in filesystem subsystem in the Linux Kernel.This flaw could allow a local attacker to crash the system or leak kernel internal information...

Important: Red Hat Security Advisory: kpatch-patch-5_14_0-611_9_1 security update

An update for kpatch-patch-5140-61191 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2025-14455

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

CVE-2025-14455

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

EUVD-2025-204522

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

PT-2025-52438

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

A vulnerability was found in cloneprivatemount in fs/namespace.c in filesystem subsystem in the Linux Kernel.This flaw could allow a local attacker to crash the system or leak kernel internal information...

kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails

A vulnerability was found in tlsdecryptsg in net/tls/tlssw.c in networking subsystem in the Linux Kernel.In this flaw, If it fails to clone of the input skb to hold the reference to the memory it uses may lead a use-after-free...

kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

A vulnerability was found in cloneprivatemount in fs/namespace.c in filesystem subsystem in the Linux Kernel.This flaw could allow a local attacker to crash the system or leak kernel internal information...

kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

A vulnerability was found in cloneprivatemount in fs/namespace.c in filesystem subsystem in the Linux Kernel.This flaw could allow a local attacker to crash the system or leak kernel internal information...

RHEL 9 : kernel (RHSA-2025:23241)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23241 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: cloneprivatemnt: make sure th...

ALSA-2025:23279 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns CVE-2025-38499 kernel: net: tun: Update napi-skb after XDP process CVE-2025-39984 For more details about the...

MAL-2025-192579 Malicious code in smtblib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 15a295f1d98fcbbdd6a077bc3a849966ca3f73919c0d47e58948ff382481e5b6 Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by...

Malicious code in jsonschema-utf8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61bf4fa82a7c398e580d547d641bc19e3b16ba446191da04f39dcf9cf9a41eab Package clones a popular package loguru, jsonschema, .... While it claims to have some additional features, the real change is an added compiled native library...

Malicious code in loguru-utf8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e20933ac001bbe12fd7962f9e12208f3224c836f3deba7669a649165232e0b78 Package clones a popular package loguru, jsonschema, .... While it claims to have some additional features, the real change is an added compiled native library...

MAL-2025-192435 Malicious code in loguru-utf8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e20933ac001bbe12fd7962f9e12208f3224c836f3deba7669a649165232e0b78 Package clones a popular package loguru, jsonschema, .... While it claims to have some additional features, the real change is an added compiled native library...

CVE-2025-66271

Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

Malicious code in bignum (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 251c8009e3a70f8c3a3a8283dc7f2b603838ec892d7773f0b4886122ff0d97c5 In this incarnation, the package is no longer a clone of networkx, but continues to use the same technique to run secretly remote code and cover tracks ---...

CVE-2025-66271

CVE-2025-66271 affects ELECOM Clone for Windows, where the software registers a Windows service with an unquoted file path (unquoted service path). The root cause is an unquoted path in the service configuration, enabling a local attacker with write access to the system drive root to execute arbi...