CVE-2025-40010

Technical details for CVE-2025-40010 are not publicly available in the provided documents. Monitor for updates from vendors/security advisories.

CVE-2025-40010 afs: Fix potential null pointer dereference in afs_put_server

In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afsputserver afsputserver accessed server-debugid before the NULL check, which could lead to a null pointer dereference. Move the debugid assignment, ensuring we never dereference a...

Malicious Package

Overview flight-debug is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Schneider Electric EcoStruxure Panel Server Insertion of Sensitive Information into Log File (CVE-2025-2002)

There is an insertion of sensitive information into log files vulnerability that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device. This plugin onl...

CVE-2025-62168

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVE-2025-62168 Squid vulnerable to information disclosure via authentication credential leakage in error handling

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVE-2025-62168 Squid vulnerable to information disclosure via authentication credential leakage in error handling

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVE-2025-62168

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

EUVD-2025-34659

Malicious code in debug-mj-v3 npm...

EUVD-2025-34660

Malicious code in debug-mj npm...

Malicious Package

Overview debug-mj is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview debug-mj-v3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

PT-2025-46637

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the ASoC amd/sdw utils component where a NULL pointer dereference may occur if devm kasprintf fails during memory allocation. Specifically, a debu...

MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." MITRE created this...

MAL-2025-48429 Malicious code in debug-mj (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f60289f1a0f9296cf8aa9ed744c256c0963a95dc751ff52a708d2676d14825a Any computer that has this package installed or running should be considered...

MAL-2025-48430 Malicious code in debug-mj-v3 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74c0451e3b813ae12fff8e9f76bd4570a074a6bda1a7391e28f789182a6cb0e6 Any computer that has this package installed or running should be considered...

Malicious code in debug-mj-v3 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74c0451e3b813ae12fff8e9f76bd4570a074a6bda1a7391e28f789182a6cb0e6 Any computer that has this package installed or running should be considered...