TP-Link Archer BE230 安全漏洞

The TP-Link Archer BE230 is a wireless router produced by TP-Link Corporation. The TP-Link Archer BE230 v1.2 1.2.4 Build 20251218 rel.70420 versions had security vulnerabilities. These vulnerabilities stemmed from the command injection vulnerability in the configuration backup and recovery...

MSP360 Free Backup 后置链接漏洞

MSP360 Free Backup is a cross-platform data backup software from MSP360, Inc. MSP360 Free Backup suffers from a backlink vulnerability that stems from a link-following issue in the recovery function, which could lead to local elevation of privilege...

EUVD-2022-50648

Malicious code in bioql PyPI...

SUSE CVE-2025-39896

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery work from being queued during device removal Use disableworksync instead of cancelworksync in ivpudevfini to ensure that no new recovery work items can be queued after device removal has started...

CVE-2025-39896 accel/ivpu: Prevent recovery work from being queued during device removal

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery work from being queued during device removal Use disableworksync instead of cancelworksync in ivpudevfini to ensure that no new recovery work items can be queued after device removal has started...

md: Don't ignore read-only array in md_check_recovery()

...

CVE-2024-54910

Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function...

CVE-2025-1732

An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...

CVE-2025-1732

CVE-2025-1732: Zyxel USG FLEX H series uOS

Zyxel USG FLEX 安全漏洞

Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel USG FLEX versions prior to V1.32, which stems from improper privilege...

Upgraded Q -> 3 from #839 [1698131435131]

Judge has assessed an item in Issue 839 as 3 risk. The relevant finding follows: UniV3LiquidityAMO: recoverERC721 does not, in fact, recovers them The function to recover ERC721’s found here sends them to the rDPX V2 core contract, however said contract has no function to retrieve them, rendering...

CVE-2022-47891

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function...

CVE-2022-47891 Admin password reset in NetMan 204

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function...

CVE-2022-47891 Admin password reset in NetMan 204

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function...

NATIVE TOKENS TRANSFERRED TO THE LlamaAccount CONTRACT CAN GET STUCK

Lines of code Vulnerability details Impact In the LlamaAccount contract there is a payable recieve to receive native tokens as shown below: receive external payable Hence this contrat accepts native tokens sent to this. But the problem is if any amount of native token is sent to this contract via...

AMO2 doesn't add the lp balance of the CVXStaker to the withdrawable token amount

Lines of code Vulnerability details Impact The lp tokens held by CVXStaker can't be able to used or withdrew by AMO2. Although the jam is not permanent and the owner of the CVXStaker can use recoverToken function to withdraw them, it will cause the functions about removing liquidity break down in...

SUSE CVE-2019-19815

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fsrecoverfsyncdata in fs/f2fs/recovery.c. This is related to F2FSPSB in fs/f2fs/f2fs.h...

Incorrect check for signature malleability

Lines of code Vulnerability details Impact Sig.recover has an Incorrect check: c.v != 27 || c.v != 28. Thus, Sig.recover always reverts. Proof of Concept c.v != 27 || c.v != 28 is always true function recoverbytes32 h, Components calldata c internal pure returns address // EIP-2 and malleable...