PT-2026-38314

Name of the Vulnerable Software and Affected Versions ShellHub versions prior to 0.24.2 Description An issue exists where the endpoint "/api/devices/:uid" returns the full device object to any authenticated user without verifying if the device belongs to the caller's namespace tenant. An...

PT-2026-3802

Name of the Vulnerable Software and Affected Versions Mini Mouse version 9.3.0 Description The software contains a path traversal issue that allows attackers to access sensitive system directories. Attackers can retrieve file lists from system directories such as /usr, /etc, and /var by...

usb: dwc3: Remove WARN_ON for device endpoint command timeouts

...

CVE-2025-39801

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARNON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'paniconwarn' is enabled and unnecessary call trace prints...

UBUNTU-CVE-2025-39801

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARNON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'paniconwarn' is enabled and unnecessary call trace prints...

CVE-2025-39801 usb: dwc3: Remove WARN_ON for device endpoint command timeouts

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARNON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'paniconwarn' is enabled and unnecessary call trace prints...

CVE-2025-39801

CVE-2025-39801 affects the Linux kernel USB subsystem (dwc3) where device endpoint command timeouts could trigger a kernel panic if WARN_ON is hit during connect/disconnect sequences on Exynos platforms. The root cause is a WARN_ON triggered by device endpoint commands in the privileged path duri...

CVE-2025-39801 usb: dwc3: Remove WARN_ON for device endpoint command timeouts

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARNON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'paniconwarn' is enabled and unnecessary call trace prints...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a kernel panic caused by a device endpoint command timeout, which may be triggered by an unwanted call to...

Linux Distros Unpatched Vulnerability : CVE-2025-38559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access Usage of the intelpmtread for...

CVE-2024-13980

H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

NETGEAR XR300 Stack Buffer Overflow Vulnerability (CNVD-2025-20497)

The NETGEAR XR300 is the entry-level Nighthawk Pro Gaming series wireless router from NETGEAR. The NETGEAR XR300 suffers from a stack buffer overflow vulnerability that stems from a stack buffer overflow in the HTTPD service when processing a POST request from the usbdevice.cgi endpoint, no detai...

NETGEAR XR300 Stack Buffer Overflow Vulnerability

The NETGEAR XR300 is the entry-level Nighthawk Pro Gaming series wireless router from NETGEAR. The NETGEAR XR300 suffers from a stack buffer overflow vulnerability that stems from a stack buffer overflow in the HTTPD service when processing a POST request from the usbdevice.cgi endpoint, no detai...

CVE-2022-49772

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop sndBUGON from sndusbmidioutputopen sndusbmidioutputopen has a check of the NULL port with sndBUGON. sndBUGON was used as this shouldn't have happened, but in reality, the NULL port may be seen when the devic...

PT-2025-37482

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description This issue addresses a rarely observed endpoint command timeout in the dwc3 USB controller, which can cause a kernel panic when 'panic on warn' is enabled or unnecessary call trace print...

Shenzhen Fujia Technology OurPhoto 安全漏洞

Shenzhen Fujia Technology OurPhoto is a cloud photo frame software from Shenzhen Fujia Technology, China. It allows you to share photos and video files directly on your cell phone. A security vulnerability exists in Shenzhen Fujia Technology OurPhoto version 1.4.1, which stems from an insecure...

VulnCheck KEV: CVE-2018-17173

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail...