13580 matches found

OSV
added 2025/09/25 1:41 p.m., 4 views

CVE-2025-59834 Command Injection in adb-mcp MCP Server

ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tool definition and implementatio...

CVSS 9.8, AI score 7.3, EPSS 0.01795
Exploits: 1, References: 5
Positive Technologies
added 2025/09/25 12:00 a.m., 5 views

PT-2025-44111

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to insufficient input validation in the NFC (Near Field Communication) subsystem. Specifically, the nci_init_req function had limited validation,...

CVSS 4.6, AI score 5.8, EPSS 0.00063
Exploits: 0
Positive Technologies
added 2025/09/25 12:00 a.m., 2 views

PT-2025-39404

Name of the Vulnerable Software and Affected Versions: Monkeytype versions prior to 25.36.0. Description: Improper handling of user input when loading a saved custom text can lead to cross-site scripting (XSS). Recommendations: Update to a version later than 25.36.0...

CVSS 2.4, AI score 5.9, EPSS 0.00026
Exploits: 1, References: 7
RedhatCVE
added 2025/09/24 1:33 a.m., 6 views

CVE-2025-10774

A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/subcommit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVSS 5.8, AI score 6.7, EPSS 0.00133
Exploits: 0, References: 1
Positive Technologies
added 2025/09/24 12:00 a.m., 3 views

PT-2025-39387

Name of the Vulnerable Software and Affected Versions: EmbedVideo Extension versions prior to 4.0.0. Description: The EmbedVideo Extension for MediaWiki, which includes a parser function called ev and parser tags for embedding video clips, contains a flaw. Versions 4.0.0 and earlier permit the...

CVSS 8.6, AI score 5.5, EPSS 0.0004
Exploits: 1, References: 12
Positive Technologies
added 2025/09/24 12:00 a.m., 4 views

PT-2025-39375

Name of the Vulnerable Software and Affected Versions: ADB MCP Server versions 0.1.0 and prior. Description: ADB MCP Server, a Model Context Protocol server for interacting with Android devices through ADB, contains a flaw in its implementation. Versions 0.1.0 and earlier are susceptible to command...

CVSS 9.8, AI score 7.1, EPSS 0.01795
Exploits: 1, References: 12
OSV
added 2025/09/23 6:00 a.m., 1 views

CVE-2025-39878 ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error

In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error. The function move_dirty_folio_in_page_array() was created by commit ce80b76dd327 ("ceph: introduce ceph_process_folio_batch() method") by moving code from ceph_writepages_start() to this...

CVSS 5.5, AI score 6.4, EPSS 0.0002
Exploits: 0, References: 5
Positive Technologies
added 2025/09/22 12:00 a.m., 3 views

PT-2025-38672

Name of the Vulnerable Software and Affected Versions: Ruijie 6000-E10 versions through 2.4.3.6-20171117. Description: A weakness exists in Ruijie 6000-E10. The issue affects an unknown part of the file /view/vpn/autovpn/sub commit.php. Manipulation of the key argument can lead to operating system...

CVSS 5.8, AI score 4.8, EPSS 0.00133
Exploits: 0, References: 8
CNNVD
added 2025/09/22 12:00 a.m., 2 views

Ruijie 6000-E10 OS command injection vulnerability

Ruijie 6000-E10 is an Internet behavior management and auditing device from the Chinese company Ruijie. An OS command injection vulnerability exists in Ruijie 6000-E10 2.4.3.6-20171117 and earlier versions, which originates from incorrect manipulation of the parameter key in the file...

CVSS 5.8, AI score 5.3, EPSS 0.00133
Exploits: 0, References: 4
RedhatCVE
added 2025/09/19 5:33 p.m., 3 views

CVE-2025-35435

CISA Thorium accepts a stream split size of zero then divides by this value. A remote, authenticated attacker could cause the service to crash. Fixed in commit 89101a6...

CVSS 5.3, AI score 6.6, EPSS 0.00183
Exploits: 0, References: 1
OSV
added 2025/09/18 2:42 p.m., 2 views

CVE-2025-59421 Press vulnerable to email flooding to users due to lack of validation and rate limits

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor can flood the inbox of a user by repeatedly sending duplicate invites. The issue is fixed in commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615...

CVSS 6.9, AI score 6.7, EPSS 0.00088
Exploits: 0, References: 4
CVE
added 2025/09/18 2:42 p.m., 12 views

CVE-2025-59421

CVE-2025-59421 affects Press, a Frappe custom app running on Frappe Cloud. The issue is a lack of validation and rate limiting that allows a malicious actor to flood a user’s inbox by repeatedly sending duplicate invitations. The vulnerability is mitigated by the fix committed as 83c3fc7676c5dbbe...

CVSS 6.9, AI score 6.3, EPSS 0.00088
Exploits: 0, References: 2
OSV
added 2025/09/18 2:15 p.m., 2 views

CVE-2022-50397

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 6
Exploits: 0
Positive Technologies
added 2025/09/18 12:00 a.m., 2 views

PT-2025-38410

Name of the Vulnerable Software and Affected Versions: Press versions prior to commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615. Description: Press, a Frappe custom app used for managing infrastructure, subscriptions, marketplace operations, and software-as-a-service (SaaS), is susceptible to a flaw th...

CVSS 6.9, AI score 6.5, EPSS 0.00088
Exploits: 0, References: 5
Positive Technologies
added 2025/09/18 12:00 a.m., 3 views

PT-2025-38328

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A null dereference issue was resolved in the Linux kernel related to the /proc/pid/smaps_rollup functionality. The issue was introduced by commit 258f669e7e88, which converted the...

CVSS 5.5, AI score 5.5, EPSS 0.00021
Exploits: 0, References: 20
Positive Technologies
added 2025/09/18 12:00 a.m., 3 views

PT-2025-38327

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists within the Btrfs file system related to quota management. Specifically, the issue occurs when enabling quotas, where a transaction commit is followed by setting t...

AI score 6.3, EPSS 0.00013
Exploits: 0, References: 9
RedhatCVE
added 2025/09/17 5:31 p.m., 1 views

CVE-2023-53348

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when aborting transaction during relocation with scrub. Before relocating a block group we pause scrub, then do the relocation and then unpause scrub. The relocation process requires starting and committing a...

CVSS 5.5, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 4
NVD
added 2025/09/17 5:15 p.m., 4 views

CVE-2025-35436

CISA Thorium uses '.unwrap' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27...

CVSS 7.5, EPSS 0.00071
Exploits: 0, References: 3
OSV
added 2025/09/17 5:15 p.m., 2 views

CVE-2025-35436

CISA Thorium uses '.unwrap' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27...

CVSS 7.5, AI score 7, EPSS 0.00071
Exploits: 0, References: 3
NVD
added 2025/09/17 5:15 p.m., 3 views

CVE-2025-35435

CISA Thorium accepts a stream split size of zero then divides by this value. A remote, authenticated attacker could cause the service to crash. Fixed in commit 89101a6...

CVSS 5.3, EPSS 0.00183
Exploits: 0, References: 3