CVE-2025-57323

mpregular is a package that provides a small program development framework based on RegularJS. A Prototype Pollution vulnerability in the mp.addEventHandler function of mpregular version 0.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload,...

PT-2025-40819

Name of the Vulnerable Software and Affected Versions Belkin F9K1015 version 1.00.10 Description A flaw exists in Belkin F9K1015 version 1.00.10 where manipulation of the command argument in the file /goform/mp can lead to command injection. This issue may be exploited remotely. The exploit is...

CVE-2025-9145

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVE-2025-9145

Scada-LTS 2.7.8.1 is affected by a cross-site scripting vulnerability in the SVG File Handler, specifically via manipulation of the backgroundImageMP argument in view_edit.shtm. The issue can be triggered remotely and, per multiple sources, the exploit has been publicly disclosed. Current connect...

CVE-2025-9145 Scada-LTS SVG File view_edit.shtm cross site scripting

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

Scada-LTS 代码注入漏洞

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A code injection vulnerability exists in Scada-LTS version 2.7.8.1, which originates from a cross-site scripting attack due to misuse of the file viewedit.shtm parameter backgroundImageMP in the component...

SUSE CVE-2025-38552

In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation We have races similar to the one addressed by the previous patch between subflow failing and additional subflow creation. They are just harder to trigger. The solution i...

SUSE CVE-2025-38540

In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras USB ID 04F2:B824 & 04F2:B82C report a HID sensor interface that is not actually implemented. Attempting to access this...

Malicious code in @zalastax/nolb-mp_ (npm)

The package @zalastax/nolb-mp was found to contain malicious code...

Malicious code in @zalastax/nolb-mp- (npm)

The package @zalastax/nolb-mp- was found to contain malicious code...

Malicious code in @zalastax/nolb-mp1 (npm)

The package @zalastax/nolb-mp1 was found to contain malicious code...

MAL-2025-12400 Malicious code in @zalastax/nolb-mp_ (npm)

The package @zalastax/nolb-mp was found to contain malicious code...

MAL-2025-12393 Malicious code in @zalastax/nolb-mp- (npm)

The package @zalastax/nolb-mp- was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2024-38664

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm: zynqmpdpsub: Always register bridge We must always register the DRM bridge, since...

VulnCheck KEV: CVE-2025-34143

An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...

CVE-2025-34143

An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...

Belkin F9K1122 Command Injection Vulnerability (CNVD-2025-20839)

The Belkin F9K1122 is a WiFi signal extender from Belkin Canada. The Belkin F9K1122 suffers from a command injection vulnerability that stems from the parameter command in the file /goform/mp failing to properly filter constructed command special characters, commands, and so on. An attacker can...

CVE-2025-7083

A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. This affects the function mp of the file /goform/mp of the component webs. The manipulation of the argument command leads to os command injection. It is possible to initiate the attack remotely. The exploit h...

Belkin F9K1122 命令注入漏洞

The Belkin F9K1122 is a WiFi signal extender from Belkin Canada. The Belkin F9K1122 suffers from a command injection vulnerability that stems from the parameter command in the file /goform/mp failing to properly filter constructed command special characters, commands, and so on. An attacker can...

CVE-2025-24329

Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator MNO internal Radio Access Network RAN management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has bee...