
58 matches found

Positive Technologies
added 2026/05/28 12:0 a.m. | 9 views

PT-2026-44300

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The ipmi driver fails to implement limits on event and receive message requests, continuing to fetch data until the Baseboar...

CVSS 9.8 | AI score 6 | EPSS 0.03663
Exploits 14 | References 284

Atlassian
added 2026/04/08 10:29 p.m. | 21 views

RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Jira Service Management Data Center

This is a vulnerability in a non-Atlassian Jira Service Management dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity RCE Remote Code Execution vulnerability was introduced in versions 11.3.3 of Jira Service Management Data...

CVSS 9.8 | AI score 7.5 | EPSS 0.99615
Exploits 7

OSV
added 2026/02/24 2:16 p.m. | 2 views

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3 | AI score 5.8 | EPSS 0.0026
Exploits 0 | References 1

NVD
added 2026/02/24 2:16 p.m. | 6 views

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3 | EPSS 0.0026
Exploits 0 | References 1

Cvelist
added 2026/02/24 1:3 p.m. | 18 views

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3 | EPSS 0.0026
Exploits 0 | References 1

Debian CVE
added 2025/11/12 10:23 a.m. | 2 views

CVE-2025-40120

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM autosuspend for AX88772 in bind. usbnet enables runtime PM autosuspend by default, so disabling it via the usb_driver flag is ineffective. O...

AI score 5.1 | EPSS 0.00179
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-6253

Malware in sbrugna...

CVSS 6.1 | AI score 6.4 | EPSS 0.00772
Exploits 0 | References 3

Positive Technologies
added 2025/10/05 12:0 a.m. | 4 views

PT-2025-46595

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to USB runtime power management PM and Real-Time Network Layer RTNL interactions with the AX88772 network adapter. The issue arises when runtime...

CVSS 4.3 | AI score 7.3 | EPSS 0.00179
Exploits 0

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-28746

Malicious code in bioql PyPI...

CVSS 7.6 | AI score 6.5 | EPSS 0.00078
Exploits 0 | References 2

Microsoft CVE
added 2025/09/06 8:13 a.m. | 2 views

net: usb: asix_devices: add phy_mask for ax88772 mdio bus

...

CVSS 5.5 | AI score 6.8 | EPSS 0.0014
Exploits 0

CVE
added 2025/09/05 5:20 p.m. | 24 views

CVE-2025-38736

Technical details about CVE-2025-38736 are not provided in the connected documents. The initial description notes a Linux kernel MDIO PHY address masking fix (mask with 0x1f) in net: usb: asix_devices to prevent OOB/invalid MDIO addresses. Connected advisories reference the CVE, but do not supply...

CVSS 7.1 | AI score 5.8 | EPSS 0.00149
Exploits 0 | References 8 | Affected Software 1

Cvelist
added 2025/09/04 3:33 p.m. | 8 views

CVE-2025-38725 net: usb: asix_devices: add phy_mask for ax88772 mdio bus

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: add phy_mask for ax88772 mdio bus Without setting phy_mask for ax88772 mdio bus, current driver may create at most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f. DLink DUB-E100 H/W Ver B1 is such ...

EPSS 0.0014
Exploits 0 | References 7

CVE
added 2025/09/04 3:33 p.m. | 35 views

CVE-2025-38725

CVE-2025-38725 affects the Linux kernel net: usb: asix_devices driver handling of ax88772 MDIO bus. Without a phy_mask, the driver could create up to 32 MDIO phy devices (addresses 0x00–0x1f). Only one main phy binds to the net phy driver, causing issues during suspend/resume where phy_polling_mo...

CVSS 5.5 | AI score 5.8 | EPSS 0.0014
Exploits 0 | References 9 | Affected Software 1

RedhatCVE
added 2025/05/22 8:39 p.m. | 5 views

CVE-2021-26964

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and manageme...

CVSS 7.1 | AI score 7.1 | EPSS 0.00959
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 3:10 p.m. | 8 views

CVE-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...

CVSS 6.5 | AI score 6.7 | EPSS 0.72976
Exploits 5

SUSE CVE
added 2025/05/21 12:46 a.m. | 1 views

SUSE CVE-2025-37945

In the Linux kernel, the following vulnerability has been resolved: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY DSA has 2 kinds of drivers: 1. Those who call dsa_switch_suspend() and dsa_switch_resume() from their device PM ops: qca8k-8xxx, bcm_sf2, microchip ksz...

CVSS 5.5 | AI score 7.9 | EPSS 0.00159
Exploits 0 | References 16

BDU FSTEC
added 2025/05/06 12:0 a.m. | 4 views

The vulnerability of D-Link DWR 2000M 5G router’s microprogramming software lies in the lack of measures taken to clean data at the management level, allowing attackers to execute arbitrary code.

The vulnerability of D-Link DWR 2000M 5G router’s microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8 | AI score 5.9 | EPSS 0.08095
Exploits 0 | References 5 | Affected Software 1

BDU FSTEC
added 2025/04/23 12:0 a.m. | 7 views

The vulnerability of the CLI interface of HPE Aruba Networking Access Point software allows a perpetrator to execute arbitrary code.

The vulnerability of the CLI interface of HPE Aruba Networking Access Point software relates to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted packets to the UDP port...

CVSS 10 | AI score 6 | EPSS 0.01428
Exploits 0 | References 3 | Affected Software 2

NVD
added 2025/04/16 12:15 a.m. | 10 views

CVE-2025-30215

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...

CVSS 9.6 | EPSS 0.00529
Exploits 0 | References 3

AlpineLinux
added 2025/04/15 11:25 p.m. | 4 views

CVE-2025-30215

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...

CVSS 9.6 | AI score 6.8 | EPSS 0.00529
Exploits 0