Lucene search

752 matches found

RedHat Linux
added 2025/08/04 4:27 p.m. · 5 views

kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done

A vulnerability was found in the Linux kernel's management of network namespaces. By manipulating the lifecycle of network namespaces, an attacker could exploit this vulnerability to cause a system crash or leak sensitive system memory. Exploitation of this vulnerability requires that a user has...

7.8 CVSS · 7.2 AI score · 0.00171 EPSS
Exploits 0 · References 5

OSV
added 2025/08/04 12:0 a.m. · 5 views

ALSA-2025:12662 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: padata: fix UAF in padata_reorder (CVE-2025-21727); kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove (CVE-2025-21928); kernel: HID: intel-ish-hid: Fix use-after-free issue ...

7.8 CVSS · 7.6 AI score · 0.00193 EPSS
Exploits 0 · References 24

CNNVD
added 2025/07/10 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a reference counting issue in tipc_aead_encrypt, which could lead to a system crash...

5.5 CVSS · 6.8 AI score · 0.00161 EPSS
Exploits 0 · References 9

Positive Technologies
added 2025/07/08 12:0 a.m. · 2 views

PT-2025-28655 · IBM · IBM OpenPages with Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0. Description: The issue concerns the storage of encrypted data using AES encryption and CBC mode, which could provide weaker than expected security. An authenticated remote attacker with acces...

6.8 CVSS · 6.2 AI score · 0.00112 EPSS
Exploits 0 · References 4

Malwarebytes
added 2025/07/07 12:42 p.m. · 6 views

Free certificates for IP addresses: security problem or solution?

Let’s Encrypt has announced it issued its first certificate for an IP address. Why that’s significant deserves a little explanation. You may have run into Let’s Encrypt certificates many times without realizing it. When you see a padlock icon in your browser’s address bar, it means the site is...

7.3 AI score
Exploits 0

Gitee
added 2025/07/06 2:40 a.m. · 72 views

Exploit-Writeups

This is a collection of writeups for various CTF (Capture The Flag) challenges, specifically focusing on reverse engineering (RE), pwnables, and miscellaneous challenges. The writeups are from the EncryptCTF-2019 and DawgCTF-2021 CTFs. The writeups cover a range of challenges, from simple to complex,...

7.4 AI score
Exploits 0

Debian CVE
added 2025/06/18 9:33 a.m. · 3 views

CVE-2025-38052

In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done. Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free...

7.8 CVSS · 5.8 AI score · 0.00171 EPSS
Exploits 0

OSV
added 2025/06/18 9:33 a.m. · 3 views

CVE-2025-38052 net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done

In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done. Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free...

7.8 CVSS · 6.4 AI score · 0.00171 EPSS
Exploits 0 · References 12

OSSF Malicious Packages
added 2025/06/12 1:32 a.m. · 2 views

Malicious code in bs58-encrypt-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e93284d337753b93b8c896531454460484ca9f430906a64a7f06160cd7d354b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1

Positive Technologies
added 2025/05/27 12:0 a.m. · 2 views

PT-2025-28993

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue where a refcount warning occurs in the tipc_aead_encrypt function. This is triggered when calling get_net on a network namespace during its...

5.5 CVSS · 6.6 AI score · 0.00161 EPSS
Exploits 0

RedhatCVE
added 2025/05/23 10:4 a.m. · 6 views

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

9.8 CVSS · 6.8 AI score · 0.01025 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 7:47 a.m. · 9 views

CVE-2024-46257

A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5...

6.3 CVSS · 8.1 AI score · 0.01281 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/05/23 6:21 a.m. · 3 views

CVE-2024-10659

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/document/CDGAuthoriseTempletService.java. The manipulation of the argument id leads to sql injection. The attack may...

9.8 CVSS · 7.2 AI score · 0.0055 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 5:38 a.m. · 5 views

CVE-2023-26155

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...

9.8 CVSS · 7.6 AI score · 0.02079 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 2:3 a.m. · 6 views

CVE-2023-43657

discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross-site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration...

7.2 CVSS · 5.9 AI score · 0.00491 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 1:25 a.m. · 15 views

CVE-2022-25377

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...

7.5 CVSS · 6.8 AI score · 0.00793 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 12:48 a.m. · 4 views

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

7.5 CVSS · 7 AI score · 0.00444 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 4:14 p.m. · 6 views

CVE-2020-12789

The Secure Monitor in Microchip Atmel ATSAMA5 products uses a hardcoded key to encrypt and authenticate secure applets...

7.5 CVSS · 6.8 AI score · 0.0123 EPSS
Exploits 0

OSSF Malicious Packages
added 2025/05/21 3:15 p.m. · 2 views

Malicious code in keypair-encrypt-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a2d0ae49bf40dbf55ae8f036a2014dccfa4ad0194cebdc787acbfb69658df40 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1

OSV
added 2025/05/21 3:15 p.m. · 6 views

MAL-2025-4092 Malicious code in keypair-encrypt-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a2d0ae49bf40dbf55ae8f036a2014dccfa4ad0194cebdc787acbfb69658df40 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1