2673 matches found

Veracode
added 2025/12/13 7:36 a.m., 7 views

Arbitrary File Access

Werkzeug is vulnerable to Arbitrary File Access. The vulnerability is due to insufficient validation of Windows device names in the safe_join function, where paths ending with special device names such as CON or AUX can be opened via send_from_directory, causing the application to hang indefinitely...

CVSS 6.3, AI score 6.9, EPSS 0.00466
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2025/12/11 7:35 p.m., 3 views

CVE-2025-36925

In WAVESsenddatatodsp of libaocwaves.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 6.4, EPSS 0.00068
Exploits: 0, References: 1
Tenable Nessus
added 2025/12/11 12:00 a.m., 2 views

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-2483)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: scsi: qla2xxx: Fix warning message due to adisc being flushed (CVE-2022-49158); scsi: qla2xxx: Implement ref count for SRB (CVE-2022-49159); tcp: add...

CVSS 7.8, AI score 7.2, EPSS 0.00358
Exploits: 3, References: 85
Cvelist
added 2025/12/09 8:35 p.m., 19 views

CVE-2021-47702 OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings...

CVSS 5.3, EPSS 0.00159
Exploits: 2, References: 4
EUVD
added 2025/12/09 6:30 p.m., 3 views

EUVD-2023-60171

In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg. syzkaller found a memory leak in kcm_sendmsg, and commit c821a88bd720 "kcm: Fix memory leak in error path of kcm_sendmsg" suppressed it by updating kcm_tx_msg(head)->last_skb if partia...

AI score 5.7, EPSS 0.00216
Exploits: 0, References: 9
Snyk
added 2025/12/09 5:23 p.m., 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in external media URLs passed to sendMessageComponents and other methods that take input originating from MessagegetComponents. An attacker can trigger the application to download arbitrary external...

CVSS 6.9, AI score 6.9
Exploits: 0, References: 2
NVD
added 2025/12/09 4:17 p.m., 2 views

CVE-2023-53839

In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache. dccp_sendmsg reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt. Add READ_ONCE/WRITE_ONCE annotations, and change dccp_sendmsg to check again dccps_mss_cache aft...

EPSS 0.00216
Exploits: 0, References: 8
CNNVD
added 2025/12/09 12:00 a.m., 2 views

OpenBMCS Cross-Site Request Forgery Vulnerability

OpenBMCS is a building management and control system from OpenBMCS Australia. A cross-site request forgery vulnerability exists in OpenBMCS version 2.4, which stems from a cross-site request forgery issue in the sendFeedback.php endpoint that could lead to the execution of an administrator action...

CVSS 5.3, AI score 6.8, EPSS 0.00159
Exploits: 2, References: 5
OSV
added 2025/12/06 10:15 p.m., 6 views

DEBIAN-CVE-2025-40284

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed. mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...

AI score 5.2, EPSS 0.00171
Exploits: 0, References: 1
NVD
added 2025/12/06 10:15 p.m., 8 views

CVE-2025-40284

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed. mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...

EPSS 0.00171
Exploits: 0, References: 5
Cvelist
added 2025/12/06 9:51 p.m., 17 views

CVE-2025-40284 Bluetooth: MGMT: cancel mesh send timer when hdev removed

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed. mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...

EPSS 0.00171
Exploits: 0, References: 5
CVE
added 2025/12/06 9:51 p.m., 25 views

CVE-2025-40284

CVE-2025-40284: In the Linux kernel, Bluetooth MGMT did not cancel the mesh_send_done timer when the hdev was removed, leading to a use-after-free crash (KASAN) if the timer fired after removal. The documented fix cancels the MGMT timer on hdev removal, aligning with other MGMT timers, to preven...

AI score 6.2, EPSS 0.00171
Exploits: 0, References: 5
Positive Technologies
added 2025/12/06 12:00 a.m., 7 views

PT-2025-49385

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel's Bluetooth implementation related to mesh sending. Specifically, the mesh send done timer is not properly canceled when a hardware device (hdev) is...

AI score 6.1, EPSS 0.00171
Exploits: 0
RedhatCVE
added 2025/12/05 4:08 p.m., 2 views

CVE-2025-40264

No description is available for this CVE...

CVSS 5.5, AI score 6.5, EPSS 0.00182
Exploits: 0, References: 4
EUVD
added 2025/12/02 12:27 a.m., 3 views

EUVD-2025-199893

Werkzeug safe_join allows Windows special device names...

CVSS 6.3, AI score 6.1, EPSS 0.00466
Exploits: 0, References: 4
OSV
added 2025/12/02 12:27 a.m., 1 view

GHSA-HGF8-39GV-G3F2 Werkzeug safe_join() allows Windows special device names

Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc. that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a director...

CVSS 6.3, AI score 6.8, EPSS 0.00466
Exploits: 0, References: 5
Github Security Blog
added 2025/12/02 12:27 a.m., 16 views

Werkzeug safe_join() allows Windows special device names

Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc. that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a director...

CVSS 6.3, AI score 6.8, EPSS 0.00466
Exploits: 0, References: 5, Affected Software: 1
SUSE CVE
added 2025/12/02 12:22 a.m., 2 views

SUSE CVE-2025-66221

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc. that are implicitly present and readable in every directory...

CVSS 5.3, AI score 6.6, EPSS 0.00466
Exploits: 0, References: 3
OSV
added 2025/12/01 2:15 a.m., 2 views

CVE-2025-13800

A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could b...

CVSS 9.8, AI score 5.6, EPSS 0.0827
Exploits: 1, References: 4
Vulnrichment
added 2025/12/01 1:32 a.m., 6 views

CVE-2025-13800 ADSLR NBR1005GPEV2 send_order.cgi set_mesh_disconnect command injection

A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could b...

CVSS 6.5, AI score 6.6, EPSS 0.0827
Exploits: 1, References: 4