
69 matches found

Github Security Blog
added 2026/05/05 8:15 p.m., 2 views

wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured

Description / Impact: wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox alloweddirs is None by default and only activates when the...

CVSS: 6.8, AI score: 5.9, EPSS: 0.00041
Exploits: 1, References: 3, Affected Software: 1

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfdapi to return EINVAL as expected. Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an...

CVSS: 3.3, AI score: 6.3, EPSS: 0.00012
Exploits: 0, References: 2

IBM Security Bulletins
added 2026/04/22 7:15 p.m., 4 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by identity spoofing (CVE-2026-3621)

Summary: IBM WebSphere Application Server Liberty is affected by identity spoofing when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the server. Vulnerability Details: CVEID: CVE-2026-3621. DESCRIPTION: IBM WebSphere...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00045
Exploits: 0, Affected Software: 1

EUVD
added 2026/04/22 3:31 p.m., 1 view

EUVD-2026-24941

A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...

CVSS: 3.1, AI score: 5.8, EPSS: 0.00003
Exploits: 0, References: 2

Positive Technologies
added 2026/01/13 12:0 a.m., 2 views

PT-2026-2627

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00178
Exploits: 0, References: 15

RedhatCVE
added 2025/12/18 3:38 a.m., 1 view

CVE-2025-14302

Certain motherboard models developed by GIGABYTE have a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security feature...

CVSS: 7, AI score: 6.8, EPSS: 0.00057
Exploits: 0, References: 1

NVD
added 2025/12/17 4:15 a.m., 1 view

CVE-2025-14304

Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd, have a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory...

CVSS: 7, EPSS: 0.00077
Exploits: 0, References: 4

EUVD
added 2025/12/17 3:7 a.m., 1 view

EUVD-2025-203865

Certain motherboard models developed by GIGABYTE have a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security feature...

CVSS: 7, AI score: 6.3, EPSS: 0.00057
Exploits: 0, References: 4

Positive Technologies
added 2025/12/17 12:0 a.m., 3 views

PT-2025-51805

Name of the Vulnerable Software and Affected Versions: ASRock, ASRockRack, and ASRockInd motherboards (affected versions not specified). Description: Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd, exhibit a Protection Mechanism Failure. This is due to...

CVSS: 7, AI score: 6.7, EPSS: 0.00077
Exploits: 0, References: 11

CNNVD
added 2025/12/17 12:0 a.m., 2 views

ASRock Motherboards security vulnerability

ASRock Motherboards is a series of motherboards from ASRock Taiwan, China. A security vulnerability exists in ASRock Motherboards, which stems from IOMMU not being properly enabled, which could allow an unauthenticated physical attacker to read or write arbitrary physical memory before the...

CVSS: 7, AI score: 6.8, EPSS: 0.00077
Exploits: 0, References: 4

CNNVD
added 2025/12/02 12:0 a.m., 1 view

MCP TypeScript SDK security vulnerability

MCP TypeScript SDK is a Model Context Protocol open source developer toolkit for Model Context Protocol servers and clients. A security vulnerability exists in MCP TypeScript SDK versions prior to 1.24.0 that stems from not enabling DNS rebinding protection by default, which could lead to bypassi...

CVSS: 8.1, AI score: 6.3, EPSS: 0.0004
Exploits: 0, References: 2

NVD
added 2025/11/17 5:15 p.m., 4 views

CVE-2025-13319

An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack...

CVSS: 8.8, EPSS: 0.00083
Exploits: 0, References: 1

CVE
added 2025/11/17 4:37 p.m., 7 views

CVE-2025-13319

Digi On-Prem Manager API is affected by an authenticated SQL injection vulnerability (CVE-2025-13319). An attacker with valid API tokens can inject SQL via crafted input; the API is not enabled by default. CVSS 3.1 base score 8.8 (HIGH) with impact to confidentiality, integrity, and availability....

CVSS: 8.8, AI score: 7.5, EPSS: 0.00083
Exploits: 0, References: 1

Microsoft CVE
added 2025/11/04 9:1 a.m., 5 views

can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled

...

CVSS: 5.5, AI score: 7, EPSS: 0.00059
Exploits: 0

OSV
added 2025/11/03 12:15 p.m., 1 view

CVE-2025-40107 can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled. This issue is similar to the vulnerability in the mcp251x driver, which was fixed in commit 03c427147b2d "can: mcp251x: fix resume fr...

AI score: 6.4, EPSS: 0.00059
Exploits: 0, References: 8

Positive Technologies
added 2025/10/29 12:0 a.m., 2 views

PT-2025-44342

Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 4.6.0; Zitadel versions prior to 3.4.3; Zitadel versions prior to 2.71.18. Description: Zitadel, an open-source identity infrastructure software, is susceptible to online brute-force attacks targeting OTP, TOTP, and...

CVSS: 9.8, AI score: 6.6, EPSS: 0.00041
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2012-3867

Malware in sbrugna...

CVSS: 3.5, AI score: 6.4, EPSS: 0.00377
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2009-3238

Malware in sbrugna...

CVSS: 6.8, AI score: 6.4, EPSS: 0.00435
Exploits: 1, References: 6

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2021-7611

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00156
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-1283

Malicious code in bioql PyPI...

CVSS: 9.9, AI score: 9.1, EPSS: 0.00465
Exploits: 0, References: 3