3635 matches found

OSV
added 2025/08/21 4:15 p.m. · 6 views

CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

CVSS 5.5 · AI score 7.1
Exploits 0 · References 4
CVE
added 2025/08/21 4:2 p.m. · 32 views

CVE-2025-9308

CVE-2025-9308 affects yarnpkg Yarn up to 1.22.22. The vulnerability is in the function setOptions of src/util/request-manager.js, where manipulation leads to inefficient regular expression complexity. Local access is required. The advisory consistently indicates the issue affects products that ar...

CVSS 5.5 · AI score 7.1 · EPSS 0.00188
Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2025/08/21 12:0 a.m. · 2 views

Yarn Security Vulnerability

Yarn is an open source package installation, management tool from Yarn Open Source. A security vulnerability exists in Yarn 1.22.22 and earlier versions that stems from insufficient regular expression complexity...

CVSS 5.5 · AI score 4.2 · EPSS 0.00188
Exploits 1 · References 6
Positive Technologies
added 2025/08/21 12:0 a.m. · 5 views

PT-2025-34246 · Yarnpkg +2 · Yarnpkg +2

Name of the Vulnerable Software and Affected Versions: yarnpkg Yarn versions up to 1.22.22 Description: A vulnerability exists in Yarn Package Manager due to inefficient regular expression complexity within the setOptions function located in the src/util/request-manager.js file. Local access is...

CVSS 4.8 · AI score 3.5 · EPSS 0.00188
Exploits 1 · References 11
Positive Technologies
added 2025/08/21 12:0 a.m. · 8 views

PT-2025-34251 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 16.03.10.13 Description: A vulnerability exists in the MD5 Hash Handler component of Tenda AC10. The issue affects an unknown function within the /etc ro/shadow file. Manipulation of this function results in the exposure of...

CVSS 7 · AI score 3.3 · EPSS 0.00193
Exploits 1 · References 10
OSV
added 2025/08/20 11:15 p.m. · 4 views

CVE-2025-9262

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

CVSS 8.1 · AI score 5.3 · EPSS 0.05236
Exploits 1 · References 5
Vulnrichment
added 2025/08/20 11:2 p.m. · 4 views

CVE-2025-9262 wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

CVSS 6.3 · AI score 7.4 · EPSS 0.05236
Exploits 1 · References 5
Cvelist
added 2025/08/20 11:2 p.m. · 20 views

CVE-2025-9262 wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

CVSS 6.3 · EPSS 0.05236
Exploits 1 · References 5
CVE
added 2025/08/20 11:2 p.m. · 28 views

CVE-2025-9262

The CVE-2025-9262 case concerns wong2 mcp-cli v1.13.0, where the redirectToAuthorization function in /src/oauth/provider.js within the oAuth Handler enables OS command injection. The vulnerability allows remote initiation, with high attack complexity and an exploit published and potentially usabl...

CVSS 8.1 · AI score 7.4 · EPSS 0.05236
Exploits 1 · References 5 · Affected Software 1
CVE
added 2025/08/20 6:2 p.m. · 16 views

CVE-2025-9239

The CVE-2025-9239 vulnerability affects elunez eladmin up to version 2.7, specifically the EncryptUtils class in the DES Key Handler (eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java). Manipulating the STR PARAM input (example: Passw0rd) results in inadequate encryption strength. ...

CVSS 6.3 · AI score 4.2 · EPSS 0.00178
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2025/08/20 6:2 p.m. · 8 views

CVE-2025-9239 elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STRPARAM with the input Passw0rd...

CVSS 6.3 · EPSS 0.00178
Exploits 1 · References 4
RedhatCVE
added 2025/08/20 6:20 a.m. · 12 views

CVE-2025-9109

A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the...

CVSS 6.3 · AI score 7.2 · EPSS 0.00369
Exploits 0 · References 1
Positive Technologies
added 2025/08/20 12:0 a.m. · 6 views

PT-2025-34143 · Elunez · Elunez Eladmin

Name of the Vulnerable Software and Affected Versions: elunez eladmin versions prior to 2.8 Description: A vulnerability exists in the EncryptUtils function within the DES Key Handler component of elunez eladmin. Manipulation of the STR PARAM argument with the input Passw0rd results in inadequate...

CVSS 6.3 · AI score 4 · EPSS 0.00178
Exploits 1 · References 8
Tenable Nessus
added 2025/08/20 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-3749

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - axios is vulnerable to Inefficient Regular Expression Complexity CVE-2021-3749 Note that Nessus relies on the presence of the package as reported by the vendor...

CVSS 7.8 · AI score 7.1 · EPSS 0.08515
Exploits 2 · References 2
NVD
added 2025/08/19 4:15 p.m. · 5 views

CVE-2025-9146

A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high leve...

CVSS 8.1 · EPSS 0.00485
Exploits 1 · References 5
Vulnrichment
added 2025/08/19 4:2 p.m. · 4 views

CVE-2025-9146 Linksys E5600 Firmware checkFw.sh verify_gemtek_header risky encryption

A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high leve...

CVSS 7.5 · AI score 6.8 · EPSS 0.00485
Exploits 1 · References 5
Cvelist
added 2025/08/19 4:2 p.m. · 12 views

CVE-2025-9146 Linksys E5600 Firmware checkFw.sh verify_gemtek_header risky encryption

A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high leve...

CVSS 7.5 · EPSS 0.00485
Exploits 1 · References 5
Tenable Nessus
added 2025/08/19 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-6069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified...

CVSS 4.3 · AI score 6.4 · EPSS 0.00462
Exploits 0 · References 4
Positive Technologies
added 2025/08/18 12:0 a.m. · 7 views

PT-2025-33638 · Portabilis · Portabilis I-Diario

Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions prior to 1.5.1 Description: A security flaw has been discovered in Portabilis i-Diario. The vulnerability affects an unknown functionality of the file /password/email within the Password Recovery Endpoint componen...

CVSS 6.3 · AI score 4 · EPSS 0.00369
Exploits 0 · References 8
Tenable Nessus
added 2025/08/18 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-33587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

CVSS 7.5 · AI score 7.1 · EPSS 0.02267
Exploits 0 · References 2