6653 matches found
SUSE-SU-2025:02534-1 Security update for salt
This update for salt fixes the following issues: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory traversal...
CVE-2025-38493
CVE-2025-38493 concerns the Linux kernel vulnerability in tracing/osnoise, specifically timerlat_dump_stack(). The root cause is a faulty memcpy that uses a size field containing garbage from the ring buffer, which can trigger a buffer overflow and kernel panic when stack data is dumped. The vuln...
CVE-2025-8251 code-projects Exam Form Submission delete_s4.php sql injection
A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deletes4.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The...
CVE-2025-8240 code-projects Exam Form Submission dashboard.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /user/dashboard.php. The manipulation of the argument phone leads to sql injection. The attack may be launched remotely. Th...
Malicious code in prof-qux (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5b87af8d8f13bd43c1cf3490ea551b8d60fe05a482875597ef2fe5d2c200ca19 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...
MAL-2025-191821 Malicious code in prof-qux (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5b87af8d8f13bd43c1cf3490ea551b8d60fe05a482875597ef2fe5d2c200ca19 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...
CVE-2025-8137
A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The...
WeGIA Access Control Error Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA has an access control error vulnerability that can be exploited by an attacker to cause an unauthenticated user to access protected functionality...
CVE-2025-46267
Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI...
CVE-2025-4395 Medtronic MyCareLink Patient Monitor Empty Password Vulnerability
Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025...
PT-2025-30677 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff Description: A cross-site scripting xss vulnerability exists due to the improper handling of the cancelUri parameter within the userLogin functionality. A specially crafted HTTP request...
SUSE-SU-2025:20487-1 Security update for salt
This update for salt fixes the following issues: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory traversal...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability...
SUSE-SU-2025:02501-1 Security update for salt
This update for salt fixes the following issues: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory traversal...
SUSE-SU-2025:02500-1 Security update for salt
This update for salt fixes the following issues: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory traversal...
CVE-2024-53288
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in NTP Region functionality in Synology Router Manager SRM before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified...
CVE-2024-53286
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in DDNS Record functionality in Synology Router Manager SRM before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors...
OSV-2025-570 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=433311401 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.io.BufferedWriter.write java.base/java.io.Writer.write...
PT-2025-30521 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM versions prior to 1.3.1-9346-11 Description: A cross-site scripting XSS issue exists in the NTP Region functionality. This allows remote authenticated users with administrator privileges to inject arbitrary web...