Lucene search

8149 matches found

OSV
added 2025/10/24 2:33 p.m., 1 views

OESA-2025-2531 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact...

CVSS: 10 | AI score: 6.8 | EPSS: 0.16244
Exploits: 1 | References: 2
Veracode
added 2025/10/24 11:23 a.m., 6 views

Supply Chain Attack

@metamask/sdk, @metamask/sdk-communication-layer, and @metamask/sdk-react are vulnerable to Supply Chain Attack. The vulnerability is due to a compromised debug package that injected malicious code, allowing attackers to intercept or tamper with dApp-to-wallet communications...

AI score: 6.9
Exploits: 0
CNNVD
added 2025/10/24 12:0 a.m., 1 views

WatchGuard Fireware OS Security Vulnerability

WatchGuard Fireware OS is a software from WatchGuard USA that runs on Firebox. A security vulnerability exists in WatchGuard Fireware OS version 12.0 through versions prior to 12.11.2, which originates from an administrator user being able to enable a debug shell by uploading a specific diagnosti...

CVSS: 8.9 | AI score: 6.9 | EPSS: 0.00059
Exploits: 0 | References: 2
EUVD
added 2025/10/23 6:31 p.m., 3 views

EUVD-2022-54571

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix lockdep splat in in6_dump_addrs. As reported by syzbot, we should not use rcu_dereference when rcu_read_lock is not held. WARNING: suspicious RCU usage 5.19.0-rc2-syzkaller 0 Not tainted net/ipv6/addrconf.c:5175 suspicious...

CVSS: 5.5 | AI score: 3.8 | EPSS: 0.0008
Exploits: 0 | References: 4
Redos
added 2025/10/23 12:0 a.m., 3 views

ROS-20251023-01

A vulnerability in the cifs_compose_mount_options function of the fs/smb/client/cifsproto.h module of the SMB client support kernel of the Linux operating system is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a...

CVSS: 8.1 | AI score: 7 | EPSS: 0.00046
Exploits: 0
Arista
added 2025/10/22 12:0 a.m., 28 views

Security Advisory 0124

Security Advisory 0124. Date: October 22, 2025. Revision 1.0 (October 22, 2025): Initial release. The following issues were discovered in Arista DANZ Monitoring Fabric (DMF). These issues affect DMF, Converged Cloud Fabric (CCF), CloudVision Appliance (CVA), and Multi-Clo...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00045
Exploits: 0
The Hacker News
added 2025/10/21 1:47 p.m., 5 views

PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign

Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for ...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.03928
Exploits: 0
CVE
added 2025/10/21 12:29 a.m., 12 views

CVE-2025-7851

CVE-2025-7851 affects TP-Link Omada gateways. Connected documents corroborate that an attacker may obtain the root shell on the underlying OS under restricted conditions, via issues described as unauthorized root access through a residual debug code/path and improper privilege management. The vul...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.00059
Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment
added 2025/10/21 12:29 a.m., 2 views

CVE-2025-7851 Unauthorized root access via debug functionality

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00059
Exploits: 0 | References: 5
Cvelist
added 2025/10/21 12:29 a.m., 7 views

CVE-2025-7851 Unauthorized root access via debug functionality

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways...

CVSS: 8.7 | EPSS: 0.00059
Exploits: 0 | References: 5
SUSE CVE
added 2025/10/20 11:27 p.m., 1 views

SUSE CVE-2025-40010

In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server. afs_put_server accessed server->debug_id before the NULL check, which could lead to a null pointer dereference. Move the debug_id assignment, ensuring we never dereference a...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00074
Exploits: 0 | References: 15
NVD
added 2025/10/20 4:15 p.m., 2 views

CVE-2025-40010

In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server. afs_put_server accessed server->debug_id before the NULL check, which could lead to a null pointer dereference. Move the debug_id assignment, ensuring we never dereference a...

EPSS: 0.00074
Exploits: 0 | References: 5
Cvelist
added 2025/10/20 3:26 p.m., 6 views

CVE-2025-40010 afs: Fix potential null pointer dereference in afs_put_server

In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server. afs_put_server accessed server->debug_id before the NULL check, which could lead to a null pointer dereference. Move the debug_id assignment, ensuring we never dereference a...

EPSS: 0.00074
Exploits: 0 | References: 5
CVE
added 2025/10/20 3:26 p.m., 13 views

CVE-2025-40010

Technical details for CVE-2025-40010 are not publicly available in the provided documents. Monitor for updates from vendors/security advisories.

AI score: 6.1 | EPSS: 0.00074
Exploits: 0 | References: 5
OSV
added 2025/10/20 3:26 p.m., 2 views

CVE-2025-40010 afs: Fix potential null pointer dereference in afs_put_server

In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server. afs_put_server accessed server->debug_id before the NULL check, which could lead to a null pointer dereference. Move the debug_id assignment, ensuring we never dereference a...

AI score: 6.4 | EPSS: 0.00074
Exploits: 0 | References: 8
Snyk
added 2025/10/20 3:37 a.m., 1 views

Malicious Package

Overview: flight-debug is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2
Tenable Nessus
added 2025/10/20 12:0 a.m., 4 views

Schneider Electric EcoStruxure Panel Server Insertion of Sensitive Information into Log File (CVE-2025-2002)

There is an insertion of sensitive information into log files vulnerability that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device. This plugin onl...

CVSS: 6 | AI score: 5.5 | EPSS: 0.00031
Exploits: 0 | References: 3
NVD
added 2025/10/17 5:15 p.m., 1 views

CVE-2025-62168

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVSS: 10 | EPSS: 0.16244
Exploits: 1 | References: 3
Vulnrichment
added 2025/10/17 4:21 p.m., 1 views

CVE-2025-62168 Squid vulnerable to information disclosure via authentication credential leakage in error handling

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVSS: 10 | AI score: 6.4 | EPSS: 0.16244
Exploits: 1 | References: 2
OSV
added 2025/10/17 4:21 p.m., 2 views

CVE-2025-62168 Squid vulnerable to information disclosure via authentication credential leakage in error handling

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVSS: 10 | AI score: 6.8 | EPSS: 0.16244
Exploits: 1 | References: 5