19165 matches found
CVE-2025-15432
The CVE-2025-15432 issue affects yeqifu carRental, specifically the function downloadShowFile in /file/downloadShowFile.action of the com.yeqifu.sys.controller.FileController. The root cause is path traversal caused by manipulation of the path argument, allowing remote exploitation. Several sourc...
[SECURITY] Fedora 42 Update: direwolf-1.8.1-1.fc42
Dire Wolf is a modern software replacement for the old 1980's style TNC built with special hardware. Without any additional software, it can perform as an APRS GPS Tracker, Digipeater, Internet Gateway IGate, APRStt gateway. It can also be used as a virtual TNC for other applications such as...
[SECURITY] Fedora 43 Update: direwolf-1.8.1-1.fc43
Dire Wolf is a modern software replacement for the old 1980's style TNC built with special hardware. Without any additional software, it can perform as an APRS GPS Tracker, Digipeater, Internet Gateway IGate, APRStt gateway. It can also be used as a virtual TNC for other applications such as...
PT-2026-1138
Name of the Vulnerable Software and Affected Versions Nuvation Energy Multi-Stack Controller MSC versions through 2.5.1 Nuvation Energy nCloud VPN Service affected versions not specified Description An issue involving Network Boundary Bridging exists in Nuvation Energy nCloud VPN Service and...
Nuvation Energy Multi-Stack Controller Security Vulnerability
The Nuvation Energy Multi-Stack Controller is a control unit in a battery management system from Nuvation Energy, Inc. A security vulnerability exists in Nuvation Energy Multi-Stack Controller version 2.5.1 and earlier, which stems from the presence of an unintended proxy or intermediary that cou...
PT-2026-1137
Name of the Vulnerable Software and Affected Versions Nuvation Energy Multi-Stack Controller MSC versions through 2.5.1 Description A weakness exists in the Nuvation Energy Multi-Stack Controller MSC that allows Signature Spoofing by Key Theft due to insufficiently protected credentials. This cou...
Nuvation Energy Multi-Stack Controller Security Vulnerability
The Nuvation Energy Multi-Stack Controller is a control unit in a battery management system from Nuvation Energy, Inc. A security vulnerability exists in Nuvation Energy Multi-Stack Controller MSC versions 2.3.8 through prior to 2.5.1, which stems from improper neutralization of a special element...
Nuvation Energy Multi-Stack Controller Security Vulnerability
The Nuvation Energy Multi-Stack Controller is a control unit in a battery management system from Nuvation Energy, Inc. A security vulnerability exists in Nuvation Energy Multi-Stack Controller version 2.5.1 and prior versions, which stems from insufficient credential protection and could lead to...
PT-2026-1135
Name of the Vulnerable Software and Affected Versions Nuvation Energy Multi-Stack Controller versions 2.3.8 through 2.5.0 Description A flaw exists in Nuvation Energy Multi-Stack Controller that allows for OS Command Injection. This issue could allow an attacker to execute arbitrary commands on t...
PT-2026-1136
Name of the Vulnerable Software and Affected Versions Nuvation Energy Multi-Stack Controller MSC versions 2.3.8 through 2.5.0 Description An authentication bypass issue exists in Nuvation Energy Multi-Stack Controller MSC. This allows unauthenticated attackers to gain full control. The issue...
Nuvation Energy Multi-Stack Controller Security Vulnerability
The Nuvation Energy Multi-Stack Controller is a control unit in a battery management system from Nuvation Energy, Inc. A security vulnerability exists in Nuvation Energy Multi-Stack Controller versions 2.3.8 through prior to 2.5.1, which stems from the use of an alternate path or channel to bypas...
CVE-2025-15360
A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attac...
Exposure of Data Element to Wrong Session
Overview skypilot is a SkyPilot: Run AI on Any Infra — Unified, Faster, Cheaper. Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the form of allowing users to see the pending jobs belonging to other users, under some conditions, and leaking keys in...
PT-2026-5536
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the dma pool created by dma_pool_create. This leak occurs when dma_async_device_register or of_dma_controller_register fails, specifically in the probe error...
PT-2026-27725
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of admin queues during a controller reset. Specifically, when nvme_alloc_admin_tag_set is invoked during a controller reset, a...
PT-2026-27722
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s mcp251x_open function related to a potential deadlock situation. Specifically, the function calls free_irq while holding the mpc_lock mutex. If an...
PT-2026-8196
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Realtek r8152 USB network adapter can trigger a device reset during the reset process, potentially leading to a deadlock. This occurs because the rtl8152_resume function calls reset...
CVE-2025-15398 Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
CVE-2022-50809
In the Linux kernel, the following vulnerability has been resolved: xhci: dbc: Fix memory leak in xhci_alloc_dbc If DbC is already in use, then the allocated memory for the xhci_dbc struct doesn't get freed before returning NULL, which leads to a memleak...