150 matches found
TerraMaster TOS <.1.29 - Remote Code Execution
TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter. id:...
EUVD-2026-28694
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walkcontrol on inactive context in damoswalk damoswalk sets ctx-walkcontrol to the caller-provided control structure before checking whether the context is running. If the context is inactive damonisrunning...
Astra Linux - уязвимость в ansible
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...
undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid servermaxwindowbits parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate,...
undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid servermaxwindowbits parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate,...
undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid servermaxwindowbits parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate,...
undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid servermaxwindowbits parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate,...
php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement
A flaw was found in PHP. When the PDO PHP Data Objects PostgreSQL driver is configured with PDO::ATTREMULATEPREPARES enabled, a remote attacker can exploit a vulnerability by providing an invalid character sequence within a prepared statement parameter. This can cause a null pointer dereference,...
BIT-PHP-2025-14180 NULL Pointer Dereference in PDO quoting
In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...
UBUNTU-CVE-2025-68766
In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchpeicdomainalloc If irqdomaintranslatetwocell sets "hwirq" to = MCHPEICNIRQ 2 then it results in an out of bounds access. The code checks for invalid values, but doesn't set the error code...
EUVD-2025-205486
In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...
CVE-2025-40255
In the Linux kernel, the following vulnerability has been resolved: net: core: prevent NULL deref in generichwtstampioctllower The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfigpreparedata - devgethwtstampphylib - vlanhwtstampget -...
Eclipse ThreadX RTOS 安全漏洞
Eclipse ThreadX RTOS is an advanced real-time operating system RTOS from Eclipse ThreadX designed for deeply embedded applications. A security vulnerability exists in Eclipse ThreadX RTOS versions prior to 6.4.3, which stems from insufficient validation of a system call parameter when memory...
EUVD-2006-2217
Malware in sbrugna...
EUVD-2005-4079
Malware in sbrugna...
EUVD-2006-5374
Malware in sbrugna...
EUVD-2007-0261
Malware in sbrugna...
EUVD-2007-3071
Malware in sbrugna...
EUVD-2003-1458
Malware in sbrugna...
EUVD-2005-3686
Malware in sbrugna...