
1360 matches found

Vulnrichment
added 2025/08/20 1:9 p.m. · 3 views

CVE-2025-24322

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...

CVSS 8.1 · AI score 8 · EPSS 0.001
Exploits 0 · References 1
Cvelist
added 2025/08/20 1:9 p.m. · 6 views

CVE-2025-24322

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...

CVSS 8.1 · EPSS 0.001
Exploits 0 · References 1
Vulnrichment
added 2025/08/20 3:22 a.m. · 3 views

CVE-2025-57789 Vulnerability in Initial Administrator Login Process

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...

CVSS 5.3 · AI score 6.9 · EPSS 0.06543
Exploits 0 · References 1
Talos
added 2025/08/20 12:0 a.m. · 6 views

Tenda AC6 V5.0 missing initial setup authentication vulnerability

Talos Vulnerability Report TALOS-2025-2163 Tenda AC6 V5.0 missing initial setup authentication vulnerability August 20, 2025 CVE Number CVE-2025-24322 SUMMARY An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A...

CVSS 9.8 · AI score 7.4 · EPSS 0.001
Exploits 0
CNNVD
added 2025/08/20 12:0 a.m. · 3 views

Tenda AC6 security vulnerability

Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. A code execution vulnerability exists in the Tenda AC6. The vulnerability stems from the presence of insecur...

CVSS 9.8 · AI score 8 · EPSS 0.001
Exploits 0 · References 2
Positive Technologies
added 2025/08/20 12:0 a.m. · 5 views

PT-2025-34044 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 version V02.03.01.110 Description: An unsafe default authentication issue exists in the Initial Setup Authentication functionality. A specially crafted network request can lead to arbitrary code execution. An attacker can access the...

CVSS 9.8 · AI score 7.1 · EPSS 0.001
Exploits 0 · References 4
SUSE Linux
added 2025/08/18 3:57 p.m. · 3 views

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

CVSS 8.5 · AI score 7.6 · EPSS 0.00144
Exploits 2 · References 116
SUSE Linux
added 2025/08/18 3:55 p.m. · 4 views

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

CVSS 8.5 · AI score 8.1 · EPSS 0.00119
Exploits 2 · References 80
SUSE Linux
added 2025/08/18 3:47 p.m. · 4 views

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

CVSS 8.5 · AI score 8 · EPSS 0.0015
Exploits 0 · References 334
Securelist
added 2025/08/18 9:0 a.m. · 12 views

Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824

In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824. The exploit for this vulnerability was executed by the PipeMagic malware, which we first...

CVSS 9.3 · AI score 8.7 · EPSS 0.94318
Exploits 54
BDU FSTEC
added 2025/08/11 12:0 a.m. · 4 views

The vulnerability of the netfs_retry_write_stream() function in the fs/netfs/write_retry.c module of the Linux operating system allows an attacker to cause a service failure.

The vulnerability of the netfs_retry_write_stream function in the fs/netfs/write_retry.c module of the Linux operating system is related to the violation of the buffer’s initial limit. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 · AI score 7 · EPSS 0.00061
Exploits 0 · References 7 · Affected Software 4
Tenable Nessus
added 2025/08/11 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-4577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could...

CVSS 6.5 · AI score 7.3 · EPSS 0.00102
Exploits 0 · References 2
Tenable Nessus
added 2025/08/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-47118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pid: take a reference when initializing cad_pid During boot, kernel_init_freeable initializes cad_pid to the init task's struct pid. Later on, we may change cad_pid...

CVSS 7.8 · AI score 6.7 · EPSS 0.00015
Exploits 0 · References 2
CVE
added 2025/08/08 3:32 p.m. · 24 views

CVE-2025-8731

TRENDnet CVE-2025-8731 affects TI-G160i, TI-PG102i and TPL-430AP (up to 20250724) with the SSH Service using default credentials. Several sources confirm remote exploitation is possible and that the exploit has been publicly disclosed. Mitigation in publicly released documents centers on credenti...

CVSS 10 · AI score 9.6 · EPSS 0.00995
Exploits 0 · References 4
Japan Vulnerability Notes
added 2025/08/08 5:50 a.m. · 2 views

Multiple SEIKO EPSON products use weak initial passwords

Overview Multiple SEIKO EPSON products contain the following vulnerability. Use of weak credentials CWE-1391 - CVE-2025-35970 The initial administrator password is easy to guess from the information available via SNMP SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify user...

CVSS 8.7 · AI score 6.8 · EPSS 0.00299
Exploits 0 · References 5
The Hacker News
added 2025/08/07 6:26 p.m. · 8 views

SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others

The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. "The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where...

CVSS 7.8 · AI score 6.3 · EPSS 0.08292
Exploits 0
Vulnrichment
added 2025/08/07 5:22 a.m. · 3 views

CVE-2025-35970

On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the...

CVSS 8.7 · AI score 6.4 · EPSS 0.00299
Exploits 0 · References 3
CNNVD
added 2025/08/07 12:0 a.m. · 1 views

FUJIFILM FRONTIER DX400W security vulnerability

FUJIFILM FRONTIER DX400W is a compact photo inkjet printer from Fujifilm FUJIFILM Japan. A security vulnerability exists in the FUJIFILM FRONTIER DX400W that stems from the initial administrator password being guessable, which could result in elevated privileges...

CVSS 8.7 · AI score 7.6 · EPSS 0.00299
Exploits 0 · References 3
Cvelist
added 2025/08/05 12:14 a.m. · 6 views

CVE-2025-53544 Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...

CVSS 7.5 · EPSS 0.00423
Exploits 0 · References 3
CVE
added 2025/08/05 12:14 a.m. · 15 views

CVE-2025-53544

CVE-2025-53544 concerns Trilium Notes prior to 0.97.0, where a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. The app is described as a single-user, username-less system, with...

CVSS 7.5 · AI score 6.8 · EPSS 0.00423
Exploits 0 · References 3