Lucene search

28889 matches found

Cvelist
added 2025/08/22 12:00 a.m. · 6 views

CVE-2025-57105

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host...

0.00789 EPSS
Exploits 3 · References 4

Positive Technologies
added 2025/08/22 12:00 a.m. · 4 views

PT-2025-34445 · D Link · Di-7400G+ Router

Name of the Vulnerable Software and Affected Versions: DI-7400G+ router affected versions not specified Description: The DI-7400G+ router contains a command injection flaw that enables attackers to execute arbitrary commands on the device. This issue affects the sub 478D28 function within mng...

9.8 CVSS · 8.2 AI score · 0.00789 EPSS
Exploits 3 · References 7

CVE
added 2025/08/22 12:00 a.m. · 24 views

CVE-2025-57105

CVE-2025-57105 affects the D-Link DI-7400G+ router. The vulnerability resides in the jhttpd-based code paths mng_platform.asp and wayos_ac_server.asp, where the GET parameter addr/ac_mng_srv_host is written to NVRAM and then passed to system(), enabling command execution. Prerequisites observed i...

9.8 CVSS · 8 AI score · 0.00789 EPSS
Exploits 3 · References 4 · Affected Software 1

Tenable Nessus
added 2025/08/22 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-44442

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...

7.8 CVSS · 7.8 AI score · 0.58322 EPSS
Exploits 0 · References 2

Cvelist
added 2025/08/21 1:43 p.m. · 7 views

CVE-2025-34158

Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner and a /api/resources call reveals other servers accessible by that server owner...

8.5 CVSS · 0.00049 EPSS
Exploits 0 · References 8

Tenable Nessus
added 2025/08/21 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service crash or...

5.5 CVSS · 6.5 AI score · 0.00262 EPSS
Exploits 1 · References 2

CNNVD
added 2025/08/20 12:00 a.m. · 1 views

dts-mall security vulnerability

dts-mall is a WeChat small program mall by qiguliuxing individual developer. A security vulnerability exists in dts-mall version v0.0.1-SNAPSHOT, which stems from improper access control and could lead to authentication bypass...

9.8 CVSS · 6.8 AI score · 0.00083 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/08/20 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-48624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. CVE-2022-48624 Note that Nessus relies on the presence of the package as...

7.8 CVSS · 6.2 AI score · 0.00578 EPSS
Exploits 0 · References 2

Veracode
added 2025/08/19 8:17 a.m. · 4 views

NULL Pointer Dereference

MaterialX is vulnerable to NULL pointer dereference. The vulnerability is due to improper handling of shader node parsing in MTLX files, which allows an attacker to craft malicious files that can crash a target program...

7.5 CVSS · 6.9 AI score · 0.00297 EPSS
Exploits 1 · References 5 · Affected Software 1

Packet Storm News
added 2025/08/19 12:00 a.m. · 3 views

CISA: Tribal Cybersecurity Grant Program FAQ

Learn more about the Tribal Cybersecurity Grant Program (TCGP) which assists eligible Tribal governments address cybersecurity risks and threats to their information systems. CISA maintains this list of frequently asked questions (FAQs) for reference to address common questions about the program...

6.8 AI score
Exploits 0

Packet Storm News
added 2025/08/17 12:00 a.m. · 3 views

CISA: FY 2023 Tribal Cybersecurity Grant Program FAQs

This is the CISA FAQ for the Tribal Cybersecurity Grant Program (TCGP) which assists eligible Tribal governments addressing cybersecurity risks and threats to their information systems...

6.8 AI score
Exploits 0

SUSE CVE
added 2025/08/16 11:23 p.m. · 2 views

SUSE CVE-2025-38502

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix oob access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can be crafted via tail calls. Given two programs each utilizing a cgroup local storage with a different value size,...

7.1 CVSS · 6.2 AI score · 0.00032 EPSS
Exploits 0 · References 3

Cvelist
added 2025/08/16 9:34 a.m. · 11 views

CVE-2025-38502 bpf: Fix oob access in cgroup local storage

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix oob access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can be crafted via tail calls. Given two programs each utilizing a cgroup local storage with a different value size,...

0.00032 EPSS
Exploits 0 · References 6

Tenable Nessus
added 2025/08/15 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-49873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix wrong reg type conversion in release_reference Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program...

5.5 CVSS · 6.6 AI score · 0.00051 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/08/15 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-38192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: clear the dst when changing skb protocol A not-so-careful NAT46 BPF program can crash the kernel if it indiscriminately flips ingress packets from v4 to v6...

5.5 CVSS · 6.4 AI score · 0.00063 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/08/14 12:00 a.m. · 3 views

PT-2025-33344 · Seagate · Seagate Toolkit

Name of the Vulnerable Software and Affected Versions: Seagate Toolkit versions prior to 2.34.0.33 Description: The service executable path in Seagate Toolkit allows an attacker with administrator privileges to exploit a vulnerability. An attacker with write permissions to the root directory coul...

6.7 CVSS · 6.5 AI score · 0.00026 EPSS
Exploits 0 · References 7

Microsoft Secure
added 2025/08/12 4:00 p.m. · 3 views

Dow’s 125-year legacy: Innovating with AI to secure a long future

Founded more than 125 years ago, Dow has demonstrated a commitment to leveraging science to make the world a better place. Today, Dow’s ambition to be the most innovative, inclusive, and sustainable materials science company is supported by a global security team dedicated to keeping employees,...

6.6 AI score
Exploits 0

Microsoft Secure
added 2025/08/12 4:00 p.m. · 4 views

Dow’s 125-year legacy: Innovating with AI to secure a long future

Founded more than 125 years ago, Dow has demonstrated a commitment to leveraging science to make the world a better place. Today, Dow’s ambition to be the most innovative, inclusive, and sustainable materials science company is supported by a global security team dedicated to keeping employees,...

6.9 AI score
Exploits 0

Tenable Nessus
added 2025/08/12 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-18559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issu...

8.1 CVSS · 6.5 AI score · 0.01349 EPSS
Exploits 1 · References 2

CVE
added 2025/08/11 12:21 p.m. · 24 views

CVE-2025-8672

The CVE describes a TCC bypass in macOS GIMP where a bundled Python interpreter inherits the user’s TCC permissions granted to GIMP. With local access, an attacker can invoke this interpreter to run arbitrary commands and access files in privacy-protected folders without prompting the user, abusi...

7.8 CVSS · 7.3 AI score · 0.00029 EPSS
Exploits 0 · References 4 · Affected Software 1