
8146 matches found

Snyk
added 2026/01/05 9:54 p.m., 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the /v1/users/image and /v1/sys/debug endpoints. An attacker can retrieve sensitive configuration files, system debug information, and enumerate file existence by sending crafted requests to these endpoints...

CVSS 6.9, AI score 6.8, EPSS 0.00053
Exploits: 0, References: 2
The Hacker News
added 2026/01/05 4:41 p.m., 11 views

Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks

The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy...

AI score 6.5
Exploits: 0
RedhatCVE
added 2026/01/04 10:5 p.m., 6 views

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

CVSS 6.9, AI score 6.5, EPSS 0.00053
Exploits: 0, References: 1
Vulnrichment
added 2026/01/03 9:18 p.m., 2 views

CVE-2025-34171 CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

CVSS 6.9, AI score 6.2, EPSS 0.00053
Exploits: 0, References: 3
OSV
added 2026/01/02 5:15 p.m., 1 view

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

CVSS 5.3, AI score 6.1, EPSS 0.00053
Exploits: 0, References: 3
RedhatCVE
added 2026/01/02 4:27 p.m., 5 views

CVE-2025-48768

Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fsinoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger that is disabled by default, NULL pointer dereference handled differently depending on the targ...

CVSS 6.5, AI score 7.2, EPSS 0.0002
Exploits: 0, References: 1
CNNVD
added 2026/01/02 12:0 a.m., 2 views

CasaOS Security Vulnerability

CasaOS is a simple, easy-to-use, and elegant open source home cloud system. A security vulnerability exists in CasaOS 0.4.15 and earlier versions, which stems from the exposure of multiple unauthenticated endpoints and could lead to the disclosure of sensitive configuration files and system...

CVSS 6.9, AI score 6.4, EPSS 0.00053
Exploits: 0, References: 4
Positive Technologies
added 2026/01/02 12:0 a.m., 3 views

PT-2026-1178

Name of the Vulnerable Software and Affected Versions: CasaOS versions up to and including 0.4.15. Description: CasaOS versions up to and including 0.4.15 have unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The...

CVSS 6.9, AI score 6.2, EPSS 0.00053
Exploits: 0, References: 6
NVD
added 2026/01/01 5:15 p.m., 3 views

CVE-2025-48768

Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fsinoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger that is disabled by default, NULL pointer dereference handled differently depending on the targ...

CVSS 6.5, EPSS 0.0002
Exploits: 0, References: 3
RedhatCVE
added 2026/01/01 8:28 a.m., 3 views

CVE-2025-15017

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access...

CVSS 7, AI score 6.9, EPSS 0.00043
Exploits: 0, References: 1
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-6750

Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 20.7-cert9; Asterisk versions prior to 20.18.2; Asterisk versions prior to 21.12.1; Asterisk versions prior to 22.8.2; Asterisk versions prior to 23.2.2. Description: The asterisk/contrib/scripts/ast coredumper script runs...

AI score 5.7, EPSS 0.00041
Exploits: 0, References: 7
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-27668

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains an issue where enabling debug logging in the SMB client can expose plaintext credentials. Specifically, the cifs set cifscreds function logs the key payload,...

CVSS 7.8, AI score 5.9, EPSS 0.00021
Exploits: 0, References: 79
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-26015

Name of the Vulnerable Software and Affected Versions: Xen, affected versions not specified. Description: A guest issuing a Xenstore command accessing a node using the path '/local/domain/' can cause xenstored to crash due to a corrupted error indicator during node path verification. The crash is...

CVSS 7.8, AI score 5.8, EPSS 0.00006
Exploits: 0, References: 18
RedhatCVE
added 2025/12/31 11:26 a.m., 1 view

CVE-2023-54278

In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 "s390/mm: start kernel with DAT enabled" the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap...

CVSS 5.8, AI score 5.6, EPSS 0.00022
Exploits: 0, References: 4
NVD
added 2025/12/31 8:15 a.m., 2 views

CVE-2025-15017

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access...

CVSS 7, EPSS 0.00043
Exploits: 0, References: 1
CVE
added 2025/12/31 7:44 a.m., 8 views

CVE-2025-15017

CVE-2025-15017 concerns serial device servers (notably Moxa NPort 5000 Series) where debugging code remains active in the UART interface. This allows a physically present attacker to connect to UART without authentication or user interaction, gaining unauthorized access to internal debug function...

CVSS 7, AI score 6.6, EPSS 0.00043
Exploits: 0, References: 1
Cvelist
added 2025/12/31 7:44 a.m., 19 views

CVE-2025-15017

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access...

CVSS 7, EPSS 0.00043
Exploits: 0, References: 1
EUVD
added 2025/12/31 7:44 a.m., 1 view

EUVD-2025-205900

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access...

CVSS 7, AI score 6.5, EPSS 0.00043
Exploits: 0, References: 2
SUSE CVE
added 2025/12/31 12:27 a.m., 2 views

SUSE CVE-2023-54235

In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix destroyworkonstack race The following debug object splat was observed in testing: ODEBUG: free active active state 0 object: 0000000097d23782 object type: workstruct hint: doestatemachinework+0x0/0x510 WARNING: CPU: ...

CVSS 4.7, AI score 6.6, EPSS 0.00021
Exploits: 0, References: 17
SUSE CVE
added 2025/12/31 12:26 a.m., 1 view

SUSE CVE-2023-54278

In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 "s390/mm: start kernel with DAT enabled" the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap...

CVSS 4.4, AI score 6.7, EPSS 0.00022
Exploits: 0, References: 17