
53 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-6774

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.00543
Exploits: 1 · References: 3

SUSE CVE
added 2025/10/01 11:23 p.m. · 2 views

SUSE CVE-2025-39901

In the Linux kernel, the following vulnerability has been resolved: i40e: remove read access to debugfs files The 'command' and 'netdevops' debugfs files are a legacy debugging interface supported by the i40e driver since its early days by commit 02e9c290814c "i40e: debugfs interface". Both of...

CVSS 7.1 · AI score 7.4 · EPSS 0.00138
Exploits: 0 · References: 3

OSV
added 2025/10/01 8:15 a.m. · 5 views

AZL-68010 CVE-2025-39901 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: i40e: remove read access to debugfs files The 'command' and 'netdevops' debugfs files are a legacy debugging interface supported by the i40e driver since its early days by commit 02e9c290814c "i40e: debugfs interface". Both of...

CVSS 7.1 · AI score 7.2 · EPSS 0.00138
Exploits: 0 · References: 1

CVE
added 2025/10/01 7:42 a.m. · 25 views

CVE-2025-39901

CVE-2025-39901 affects the Linux kernel i40e driver. The vulnerability arises from read access to two legacy debugfs files, a read interface for the i40e command and netdev_ops buffers. Both files share a static 256-byte buffer initialized to the empty string, with reads formatting output as “: ”...

CVSS 7.1 · AI score 7 · EPSS 0.00138
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2025/10/01 7:42 a.m. · 1 view

CVE-2025-39901 i40e: remove read access to debugfs files

In the Linux kernel, the following vulnerability has been resolved: i40e: remove read access to debugfs files The 'command' and 'netdevops' debugfs files are a legacy debugging interface supported by the i40e driver since its early days by commit 02e9c290814c "i40e: debugfs interface". Both of...

AI score 7 · EPSS 0.00138
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 9:3 a.m. · 6 views

CVE-2024-5196

A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /toolscommand.php. The manipulation of the argument cmbheader/txtcommand leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclose...

CVSS 5.8 · AI score 7.6 · EPSS 0.04164
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/15 7:6 a.m. · 16 views

CVE-2025-25565

SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line...

CVSS 9.8 · AI score 6.5 · EPSS 0.00582
Exploits: 1 · References: 1

OSV
added 2025/03/12 4:15 p.m. · 3 views

CVE-2025-25568

SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no untrusted input and runs under the user's o...

CVSS 9.8 · AI score 5.8 · EPSS 0.00543
Exploits: 1 · References: 2

Positive Technologies
added 2025/03/12 12:0 a.m. · 4 views

PT-2025-11106 · Softether · Softether Vpn

Name of the Vulnerable Software and Affected Versions: SoftEtherVPN version 5.02.5187 Description: The issue is related to a Use after Free condition in the Command.c file, specifically via the CheckNetworkAcceptThread function. Recommendations: For SoftEtherVPN version 5.02.5187, at the moment,...

CVSS 9.8 · AI score 6.3 · EPSS 0.00543
Exploits: 1 · References: 7

Snyk
added 2025/03/03 5:41 p.m. · 2 views

Origin Validation Error

Overview rembg is a Remove image background Affected versions of this package are vulnerable to Origin Validation Error in the addmiddleware function in scommand.py, which reflects all origins by default. Due to the allowcredentials=True setting, an attacker can send authenticated cross-site...

CVSS 8.7 · AI score 6.2 · EPSS 0.00179
Exploits: 1 · References: 2

Positive Technologies
added 2025/01/01 12:0 a.m. · 5 views

PT-2025-40075

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The i40e driver in the Linux kernel contains a flaw related to debugfs files 'command' and 'netdev ops'. These files expose a debugging interface with questionable logic and potential fo...

CVSS 7.1 · AI score 8.9 · EPSS 0.00138
Exploits: 0

BDU FSTEC
added 2024/11/26 12:0 a.m. · 3 views

The vulnerability of the Socket Intercept Command File Interface component in the Juniper Networks Junos OS Evolved operating system allows a hacker to enhance their privileges.

The vulnerability of the Socket Intercept Command File Interface component in Juniper Networks’ Junos OS Evolved operating system is related to the absence of authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.3 · AI score 5.5 · EPSS 0.00183
Exploits: 0 · References: 3 · Affected Software: 1

RedHat Linux
added 2024/08/14 1:27 a.m. · 2 views

kernel: net/mlx5: Discard command completions in internal error

A use-after-free vulnerability has been discovered in the Linux kernel within the drivers/net/ethernet/mellanox/mlx5/core/cmd.c component, specifically related to the Mellanox network driver. This flaw can lead to compromised system availability. Successful exploitation could result in...

CVSS 7.8 · AI score 6.8 · EPSS 0.00258
Exploits: 0 · References: 5

Vulnrichment
added 2024/07/30 8:37 a.m. · 15 views

CVE-2024-40895

FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the...

AI score 8.1 · EPSS 0.00438
Exploits: 0 · References: 4

Cvelist
added 2024/07/30 8:37 a.m. · 30 views

CVE-2024-40895

FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the...

EPSS 0.00438
Exploits: 0 · References: 4

CVE
added 2024/07/30 8:37 a.m. · 57 views

CVE-2024-40895

FFRI AMC contains an OS command injection (CWE-78) vulnerability affecting versions 3.4.0–3.5.3 (and some OEM bundles) where, if the notification program setting is enabled and the executable path ends with a batch/command file, a remote unauthenticated attacker can execute arbitrary OS commands....

CVSS 6.4 · AI score 7.8 · EPSS 0.00438
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/30 12:0 a.m. · 4 views

PT-2024-29133 · Ffri · Ffri Amc

Name of the Vulnerable Software and Affected Versions: FFRI AMC versions 3.4.0 to 3.5.3 Some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 Description: The issue allows a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an...

CVSS 6.4 · AI score 7.9 · EPSS 0.00438
Exploits: 0 · References: 7

CNNVD
added 2024/05/22 12:0 a.m. · 5 views

Arris VAP2500 Security Vulnerability

The Arris VAP2500 is a wireless video access point device from Arris USA. A security vulnerability exists in the Arris VAP2500 version 08.50, which stems from an action on the parameter cmbheader/txtcommand in the file /toolscommand.php that can result in command injection...

CVSS 7.2 · AI score 5.2 · EPSS 0.04164
Exploits: 0 · References: 5

Positive Technologies
added 2024/03/27 12:0 a.m. · 5 views

PT-2024-23000 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A critical issue was found in the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to a stack-based buffer overflow. This issue can be...

CVSS 9 · AI score 8.8 · EPSS 0.01669
Exploits: 1 · References: 6

Positive Technologies
added 2024/01/27 12:0 a.m. · 4 views

PT-2024-15940 · Unknown · Flink-Extended Ai-Flow +1

Name of the Vulnerable Software and Affected Versions: flink-extended ai-flow version 0.3.1 Description: A critical issue has been found, affecting the function cloudpickle.loads of the file ai flowclicommandsworkflow command.py. This issue leads to deserialization and can be exploited remotely...

CVSS 9.8 · AI score 7 · EPSS 0.00713
Exploits: 0 · References: 11