Lucene search

29007 matches found

NVD
added 2025/08/28 1:16 p.m. · 2 views

CVE-2025-53247

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpinterface BlogMarks blogmarks allows PHP Local File Inclusion. This issue affects BlogMarks: from n/a through = 1.0.8...

8.1 CVSS · 0.00404 EPSS
Exploits 0 · References 1

OSV
added 2025/08/28 7:16 a.m. · 2 views

MAL-2025-41498 Malicious code in @twork-data-services/loyalty-program-names (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

ICS
added 2025/08/28 6:0 a.m. · 2 views

Mitsubishi Electric MELSEC iQ-F Series CPU Module

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker the ability to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product by using the obtained credential information. In addition, the...

7.5 CVSS · 6.2 AI score · 0.00311 EPSS
Exploits 0 · References 10

Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-20628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gfm2tsprocesspmt in...

5.5 CVSS · 6.6 AI score · 0.01035 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-3013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre fla...

9.8 CVSS · 8 AI score · 0.01934 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/08/26 10:48 p.m. · 2 views

CVE-2025-0078

In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.4 AI score · 0.00283 EPSS
Exploits 0 · References 2

OSV
added 2025/08/26 2:15 a.m. · 2 views

CVE-2025-8447

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the...

3.1 CVSS · 5.9 AI score · 0.00283 EPSS
Exploits 0 · References 4

Packet Storm News
added 2025/08/25 12:0 a.m. · 4 views

CISA: FY 2025 Tribal Cybersecurity Grant Program FAQs

This is the CISA FAQ for the Tribal Cybersecurity Grant Program TCGP which assists eligible Tribal governments addressing cybersecurity risks and threats to their information systems. This is an updated copy...

6.8 AI score
Exploits 0

NVD
added 2025/08/22 5:15 p.m. · 5 views

CVE-2025-57105

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub478D28 function in mng_platform.asp, and sub4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host...

9.8 CVSS · 0.03705 EPSS
Exploits 3 · References 4

OSV
added 2025/08/22 4:15 p.m. · 4 views

AZL-66644 CVE-2025-38640 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nfhookrunbpf. syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in bpfprogrun fails, triggering the splat below. 0 Let's use...

5.5 CVSS · 5.6 AI score · 0.00145 EPSS
Exploits 0 · References 1

OSV
added 2025/08/22 4:15 p.m. · 3 views

UBUNTU-CVE-2025-38640

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nfhookrunbpf. syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in bpfprogrun fails, triggering the splat below. 0 Let's use...

5.5 CVSS · 5.9 AI score · 0.00145 EPSS
Exploits 0 · References 30

Debian CVE
added 2025/08/22 4:0 p.m. · 3 views

CVE-2025-38640

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nfhookrunbpf. syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in bpfprogrun fails, triggering the splat below. 0 Let's use...

5.5 CVSS · 5.3 AI score · 0.00145 EPSS
Exploits 0

Fedora
added 2025/08/22 2:12 a.m. · 5 views

[SECURITY] Fedora 41 Update: socat-1.8.0.3-1.fc41

Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device serial line etc. or a pseudo terminal, a socket UNIX, IP4, IP6 - raw, UDP, TCP, an SSL socket, proxy CONNECT connection, a file descriptor stdin etc., th...

9.8 CVSS · 7 AI score · 0.00778 EPSS
Exploits 0

Fedora
added 2025/08/22 2:9 a.m. · 4 views

[SECURITY] Fedora 42 Update: socat-1.8.0.3-1.fc42

Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device serial line etc. or a pseudo terminal, a socket UNIX, IP4, IP6 - raw, UDP, TCP, an SSL socket, proxy CONNECT connection, a file descriptor stdin etc., th...

9.8 CVSS · 7 AI score · 0.00778 EPSS
Exploits 0

Positive Technologies
added 2025/08/22 12:0 a.m. · 7 views

PT-2025-34445 · D Link · Di-7400G+ Router

Name of the Vulnerable Software and Affected Versions: DI-7400G+ router affected versions not specified Description: The DI-7400G+ router contains a command injection flaw that enables attackers to execute arbitrary commands on the device. This issue affects the sub 478D28 function within mng...

9.8 CVSS · 8.2 AI score · 0.03705 EPSS
Exploits 3 · References 7

Cvelist
added 2025/08/22 12:0 a.m. · 7 views

CVE-2025-57105

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub478D28 function in mng_platform.asp, and sub4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host...

0.03705 EPSS
Exploits 3 · References 4

CVE
added 2025/08/22 12:0 a.m. · 33 views

CVE-2025-57105

CVE-2025-57105 affects the D-Link DI-7400G+ router. The vulnerability resides in the jhttpd-based code paths mng_platform.asp and wayos_ac_server.asp, where the GET parameter addr/ac_mng_srv_host is written to NVRAM and then passed to system(), enabling command execution. Prerequisites observed i...

9.8 CVSS · 8 AI score · 0.03705 EPSS
Exploits 3 · References 4 · Affected Software 1

Tenable Nessus
added 2025/08/22 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-44442

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...

7.8 CVSS · 7.8 AI score · 0.61427 EPSS
Exploits 0 · References 2

Cvelist
added 2025/08/21 1:43 p.m. · 8 views

CVE-2025-34158

Plex Media Server PMS 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner and a /api/resources call reveals other servers accessible by that server owner...

8.5 CVSS · 0.00537 EPSS
Exploits 0 · References 8

Tenable Nessus
added 2025/08/21 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service crash or...

5.5 CVSS · 6.5 AI score · 0.01474 EPSS
Exploits 1 · References 2