NewStart CGSL MAIN 7.02 : squashfs-tools Multiple Vulnerabilities (NS-SA-2025-0192)

The remote NewStart CGSL host, running version MAIN 7.02, has squashfs-tools packages installed that are affected by multiple vulnerabilities: - squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem...

NewStart CGSL MAIN 7.02 : openvswitch Multiple Vulnerabilities (NS-SA-2025-0196)

The remote NewStart CGSL host, running version MAIN 7.02, has openvswitch packages installed that are affected by multiple vulnerabilities: - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow ...

NewStart CGSL MAIN 7.02 : git Vulnerability (NS-SA-2025-0169)

The remote NewStart CGSL host, running version MAIN 7.02, has git packages installed that are affected by a vulnerability: - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that...

NewStart CGSL MAIN 7.02 : tuned Vulnerability (NS-SA-2025-0202)

The remote NewStart CGSL host, running version MAIN 7.02, has tuned packages installed that are affected by a vulnerability: - A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without authentication...

NewStart CGSL MAIN 7.02 : fapolicyd Vulnerability (NS-SA-2025-0139)

The remote NewStart CGSL host, running version MAIN 7.02, has fapolicyd packages installed that are affected by a vulnerability: - A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not...

CVE-2025-41684

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface endpoint tlsiotgensetting...

CVE-2025-54121

Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...

CVE-2025-54121 Starlette has possible denial-of-service vector when parsing large files in multipart forms

Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...

CVE-2025-54121

CVE-2025-54121 affects Starlette (Python, ASGI). In versions 0.47.1 and older, multipart form parsing of large files can cause the main event loop to stall while rolling the file to disk, because UploadFile incorrectly checks file-in-memory status and whether additional bytes trigger a rollover. ...

Starlette has possible denial-of-service vector when parsing large files in multipart forms

Summary When parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. Details Please see this discussion for details:...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the configuration file upload process. An attacker with administrative privileges could create datasets with arbitrary names and locations, causing unintended behavior and potentially causing a denial of...

io.github.sparql-anything:sparql-anything-fuseki (>=v1.0-DEV.3 <=v1.0.0), io.telicent.jena.graphql:graphql-fuseki-module (>=0.6.0 <=0.10.4) +12 more potentially affected by CVE-2025-50151 via org.apache.jena:jena-fuseki-main (>=5.0.0-rc1 <=5.4.0)

org.apache.jena:jena-fuseki-main MAVEN version =5.0.0-rc1, =v1.0-DEV.3, =0.6.0, =1.3.2, =0.72.1, =0.71.2, =0.71.2, =1.0.0, =0.80.0, =0.80.0, =1.2.0, =5.0.0, =5.0.0, =5.4.0 - zone.cogni.semanticz:semanticz-connector-fuseki =2.0.0 - zone.cogni.semanticz:semanticz-connectors-spring =2.0.0 Source cve...

D-Link DIR-645 Command Injection Vulnerability

D-Link DIR-645 is a Gigabit wireless router for home and SMB users launched by D-Link in 2012. The D-Link DIR-645 suffers from a command injection vulnerability that stems from the failure of the file /htdocs/cgibin function ssdpcgimain in the component ssdpcgi to correctly filter constructed...

Vulnerability of the main and fileman modules of the 1C-Bitrix website management system: Website management that allows attackers to gain unauthorized access to configuration and executable files

Vulnerability of the main and fileman modules of the 1C-Bitrix website management system: Website management involves insecure handling of privileges. Exploiting this vulnerability can allow an attacker to gain unauthorized access to configuration and executable files...

Vulnerability of the main and fileman modules of the 1C-Bitrix website management system: Website management that allows a hacker to gain unauthorized access to protected information beyond the web directory

Vulnerability of the main and fileman modules of the CMS system: Website management is related to vulnerabilities in path name restrictions for directories. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information beyond the web directory...

The vulnerabilities in the components hclge_main.c and hclgevf_main.c of the Linux operating system’s kernel allow attackers to cause system failures.

The vulnerability of the hclgemain.c and hclgevfmain.c components of the Linux operating system’s kernel is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to cause a service failure...

Malicious code in myrepotesting-main (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 699a8d5ecf04b9f79eb58425d416193bbb768ed786ea839d85fd4f46e827d017 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Volkswagen MIB3 Infotainment 安全漏洞

Volkswagen MIB3 Infotainment is an infotainment system on a vehicle from Volkswagen Germany. A security vulnerability exists in the Volkswagen MIB3 Infotainment that stems from a lack of memory isolation between CPU cores, which could allow an attacker to compromise the CPU core responsible for C...

CVE-2025-5932

The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the mainsettings function. This makes it possible for unauthenticated attackers to update plugin settings via a...

CVE-2025-41661

An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery CSRF protection...