CVE-2025-46625

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...

CVE-2022-49896 cxl/pmem: Fix cxl_pmem_region and cxl_memdev leak

In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix cxlpmemregion and cxlmemdev leak When a cxlnvdimm object goes through a -remove event device physically removed, nvdimm-bridge disabled, or nvdimm device disabled, then any associated regions must also be disabled. ...

CVE-2025-23155

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix accessing freed irq affinityhint In stmmacrequestirqmultimsi, a pointer to the stack variable cpumask is passed to irqsetaffinityhint. This value is stored in irqdesc-affinityhint, but once stmmacrequestirqmultim...

DEBIAN-CVE-2025-23155

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix accessing freed irq affinityhint In stmmacrequestirqmultimsi, a pointer to the stack variable cpumask is passed to irqsetaffinityhint. This value is stored in irqdesc-affinityhint, but once stmmacrequestirqmultim...

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken by a new advanced persistent threat APT group called Earth Kurma since June 2024. The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage...

Triada strikes back

Introduction Older versions of Android contained various vulnerabilities that allowed gaining root access to the device. Many malicious programs exploited these to elevate their system privileges and gain persistence. The notorious Triada Trojan also used this attack vector. With time, the...

Exploit for Use of Persistent Cookies Containing Sensitive Information in Palletsprojects Flask

CVE-2023-30861 PoC Proof of Concept ⚠️ 주의 CAUTION...

The dangers of web based messaging apps

TL;DR Anyone with a web browser and access to your phone in an unlocked state could potentially set up persistent access to your secure messaging platforms without needing to know your credentials!. Whilst this clearly requires unfettered access to your phone, scenarios such as screen replacement...

SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2025-0618

A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protection events from being processed, even afte...

CVE-2025-0618

CVE-2025-0618 affects Trellix Endpoint Security (HX) Server versions 10.0.2 and earlier. A specially crafted tamper protection event can trigger an unhandled exception in the HX service, causing a persistent denial of service that prevents processing of any further tamper protection events, even ...

Malicious code in dc-genai-dropin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4921314e7e97ba500355f996a14c9619cadf54912d2dfdbe5eb22750a5e5c1c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a lack of bounds checking for persistent handle contexts...

CVE-2025-0676

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to...

BIT-DOLIBARR-2022-4093 SQL Injection in dolibarr/dolibarr

SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In...

Malicious code in jcl-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5db8fba1d3af4871fe70fb88d7eef37a6740477ddfe683e8258afa4345d7055 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Important: Red Hat Security Advisory: RHODF-4.14-RHEL-9 security update

Updated images are now available for RHODF-4.14-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

tcpdump 操作系统命令注入漏洞

tcpdump is a set of sniffing tools from Tcpdump team running under command line. The tool is mainly used for packet analysis and network traffic capture, among others. A security vulnerability exists in tcpdump, which stems from command injection and could lead to elevation of privilege and...

TacJS - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-027

This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to a persistent Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker needs...

Important: Red Hat Security Advisory: RHODF-4.16-RHEL-9 security update

Updated images are now available for RHODF-4.16-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...