Exploit for Incorrect Authorization in Litellm

CVE-2026-35029 – LiteLLM /config/update privilege escalation...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries to access psmouse...

CVE-2026-7037 Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed...

CVE-2026-7037 Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed...

CVE-2026-4525

If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16...

PT-2026-33398

Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 2.0.0 HashiCorp Vault versions prior to 1.21.5 HashiCorp Vault versions prior to 1.20.10 HashiCorp Vault versions prior to 1.19.16 Description When a Vault auth mount is configured to pass through the...

EUVD-2026-20862

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible...

CVE-2026-5105 Totolink A3300R Parameter cstecgi.cgi setVpnPassCfg command injection

A vulnerability was detected in Totolink A3300R 17.0.0cu.557b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to...

MBS多款产品 安全漏洞

MBS UBR-01 Mk II, etc., are products of the German MBS company. The MBS UBR-01 Mk II is a remote base station device. The MBS UBR-02 is also a remote base station device. The MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security...

kernel: Input: synaptics - fix crash when enabling pass-through port

In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries to access psmouse...

MGASA-2025-0270 Updated xen packages fix security vulnerabilities

Double unlock in x86 guest IRQ handling. CVE-2024-31143 Xapi: Metadata injection attack against backup/restore functionality. CVE-2024-31144 Error handling in x86 IOMMU identity mapping. CVE-2024-31145 PCI device pass-through with shared resources. CVE-2024-31146 x86: Deadlock in vlapicerror...

EUVD-2018-0849

Malware in sbrugna...

EUVD-2019-8193

Malware in sbrugna...

EUVD-2021-26642

Malware in sbrugna...

EUVD-2025-5183

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-19577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering...

Linux Distros Unpatched Vulnerability : CVE-2020-28086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password,...

Linux Distros Unpatched Vulnerability : CVE-2019-18424

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a...

CVE-2025-1713

When setting up interrupt remapping for legacy PCI-X devices, including PCI-X bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can lead to a deadlock...

SUSE-SU-2025:01860-1 Security update for xen

This update for xen fixes the following issues: - CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection ITS XSA-469 bsc1243117 - CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks XSA-466 bsc1234282 - CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI...