8276 matches found
CVE-2025-62168
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
EUVD-2025-34659
Malicious code in debug-mj-v3 npm...
EUVD-2025-34660
Malicious code in debug-mj npm...
Malicious Package
Overview debug-mj is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview debug-mj-v3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
PT-2025-46637
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the ASoC amd/sdw utils component where a NULL pointer dereference may occur if devm kasprintf fails during memory allocation. Specifically, a debu...
MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability
tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." MITRE created this...
MAL-2025-48429 Malicious code in debug-mj (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f60289f1a0f9296cf8aa9ed744c256c0963a95dc751ff52a708d2676d14825a Any computer that has this package installed or running should be considered...
MAL-2025-48430 Malicious code in debug-mj-v3 (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74c0451e3b813ae12fff8e9f76bd4570a074a6bda1a7391e28f789182a6cb0e6 Any computer that has this package installed or running should be considered...
Malicious code in debug-mj-v3 (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74c0451e3b813ae12fff8e9f76bd4570a074a6bda1a7391e28f789182a6cb0e6 Any computer that has this package installed or running should be considered...
KB5066877: Windows Server 2008 Security Update (October 2025)
The remote Windows host is missing security update 5066877. It is, therefore, affected by multiple vulnerabilities - tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual til...
PT-2025-49053
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the SCMI debug subsystem. If the subsystem fails to initialize, the debug root may be missing, leading to a NULL descriptor. This condition is not...
CVE-2025-11639
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collectlogs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...
CVE-2025-11639 Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collectlogs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...
CVE-2025-11639
The CVE-2025-11639 entry affects Tomofun Furbo 360 and Furbo Mini, specifically the collect_logs.sh function in the Debug Log S3 Bucket Handler. The Red Hat/EUVD/NVD and PT Security entries corroborate a vulnerability that enables insecure storage of sensitive information and requires local acces...
CVE-2025-11639 Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collectlogs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...
OESA-2025-2385 xml-security security update
The XML Security project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards : - XML-Signature Syntax and Processing; and - XML Encryption Syntax and Processing. Security Fixes: All versions of Apache Santuario - XML Security for Java...