Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml, minimatch, and react-router

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml CVE-2025-64718, minimatch CVE-2026-26996, CVE-2026-27903, CVE-2026-27904, react-router CVE-2025-59057, CVE-2025-68470, CVE-2026-21884, CVE-2026-22029, CVE-2026-22030. This has been addressed in the...

CVE-2026-3227

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file...

CVE-2017-18371

The ZyXEL P660HN-T1A v2 TCLinux Fw 7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can b...

EUVD-2019-9421

Malware in sbrugna...

EUVD-2018-8794

Malware in sbrugna...

EUVD-2019-18510

Malware in sbrugna...

EUVD-2020-4441

Malware in sbrugna...

EUVD-2021-26613

Malware in sbrugna...

EUVD-2013-2584

Malware in sbrugna...

EUVD-2014-4093

Malware in sbrugna...

EUVD-2017-14729

Malware in sbrugna...

EUVD-2008-1268

Malware in sbrugna...

EUVD-2025-4095

Malicious code in bioql PyPI...

EUVD-2022-44103

Malicious code in bioql PyPI...

Zyxel Legacy DSL CPE Router Multiple Vulnerabilities

According to its model number, the remote Zyxel router is affected by multiple vulnerabilities, as follows: - A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an authenticated attack...

CVE-2025-49481 Resource leaks in router

Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router modules allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pbwork-queue.C. This issue affects FalconLinux、Kestrel、LapwingLinux: before v1536...

CVE-2025-50405

Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function...

Salt Typhoon Targets Telecoms via Router Flaws, Warn FBI and Canada

Salt Typhoon, a China-linked group, is exploiting router flaws to spy on global telecoms, warns a joint FBI and Canadian advisory issued in June 2025...

CVE-2024-48633

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrar...

CVE-2023-41559

Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42multi, and Tenda AC5 V1.0RTLV15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting...