9474 matches found

CVE
added 2025/12/30 2:32 a.m. | 8 views

CVE-2025-15216

CVE-2025-15216 affects Tenda AC23 firmware version 16.03.07.52. The vulnerability resides in the fromSetIpMacBind function in /goform/SetIpMacBind, where manipulation of the bindnum argument triggers a stack-based buffer overflow. This could be exploited remotely, with the exploit publicly availa...

CVSS 9 | AI score 7.1 | EPSS 0.00285
Exploits 1 | References 5 | Affected Software 1

CVE
added 2025/12/30 2:2 a.m. | 12 views

CVE-2025-15215

CVE-2025-15215 affects Tenda AC10U 15.03.06.48–15.03.06.49. The vulnerability lies in the formSetPPTPUserList function in /goform/setPptpUserList (HTTP POST Request Handler). Manipulating the argument list leads to a buffer overflow, enabling remote code execution. The attack is remotely init...

CVSS 9 | AI score 8.8 | EPSS 0.00177
Exploits 1 | References 5 | Affected Software 1

Tenable Nessus
added 2025/12/30 12:0 a.m. | 5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992348)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992348 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0. Don't BUG/WARN on interrupt...

CVSS 5.5 | AI score 6.5 | EPSS 0.0006
Exploits 0 | References 4

Positive Technologies
added 2025/12/30 12:0 a.m. | 5 views

PT-2025-53997

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's RDMA/mlx4 component related to a shift wrapping issue within the set_user_sq_size function. The ucmd->log_sq_bb_count variable, which is user-controlle...

CVSS 7.8 | AI score 6.2 | EPSS 0.00249
Exploits 2 | References 900

CNNVD
added 2025/12/30 12:0 a.m. | 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a mismatch in the type of the get/set function of the sglsgenr variable, which could result in a global...

AI score 6.1 | EPSS 0.00029
Exploits 0 | References 6

Tenable Nessus
added 2025/12/30 12:0 a.m. | 3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992439)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992439 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix overlap expiration walk. The lazy gc on insert that should remove...

CVSS 5.5 | AI score 6 | EPSS 0.00023
Exploits 0 | References 4

Positive Technologies
added 2025/12/30 12:0 a.m. | 3 views

PT-2025-53850

Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.134903. Description: A flaw exists in the Tenda M3 router that could allow for remote code execution. The issue is due to a stack-based buffer overflow within the formSetRemoteVlanInfo function, located in the...

CVSS 9 | AI score 9.2 | EPSS 0.0026
Exploits 1 | References 12

CNNVD
added 2025/12/30 12:0 a.m. | 3 views

Tenda M3 security vulnerability

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability that stems from the incorrect operation of the parameters ID, vlan and port in...

CVSS 9 | AI score 7.7 | EPSS 0.0026
Exploits 1 | References 5

Tenable Nessus
added 2025/12/30 12:0 a.m. | 4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992346)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992346 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type. Lion Ackermann...

CVSS 7 | AI score 6.2 | EPSS 0.00009
Exploits 0 | References 4

Tenable Nessus
added 2025/12/30 12:0 a.m. | 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992315 advisory. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io. In the function s3fb_set_par, the valu...

CVSS 7.8 | AI score 6 | EPSS 0.00051
Exploits 0 | References 4

GithubExploit
added 2025/12/29 3:45 p.m. | 139 views

Exploit for CVE-2025-15177

CVE-2025-15177 Tenda WH450 V1.0.0.18 Stack Buffer Overflow...

CVSS 8.6 | AI score 8 | EPSS 0.0027
Exploits 3

CVE
added 2025/12/29 7:2 a.m. | 11 views

CVE-2025-15177

CVE-2025-15177 affects Tenda WH450 1.0.0.18. Vulnerable in the HTTP Request Handler, specifically the file "/goform/SetIpBind". Manipulating the page argument leads to a stack-based buffer overflow. The issue can be exploited remotely; exploit code has been disclosed (PoC present) and the provide...

CVSS 8.6 | AI score 7.3 | EPSS 0.0027
Exploits 3 | References 6 | Affected Software 1

CVE
added 2025/12/28 12:32 p.m. | 12 views

CVE-2025-15136

TRENDnet TEW-800MB (firmware 1.0.1.0) contains a command injection flaw in the Management Interface. The affected function is do_setWizard_asp in /goform/wizardset, where manipulating the WizardConfigured argument can trigger arbitrary command execution. The issue is exploitable remotely over the...

CVSS 9 | AI score 6.6 | EPSS 0.00263
Exploits 1 | References 4 | Affected Software 1

RedhatCVE
added 2025/12/25 10:30 a.m. | 6 views

CVE-2023-54040

In the Linux kernel, the following vulnerability has been resolved: ice: fix wrong fallback logic for FDIR. When adding a FDIR filter, if ice_vc_fdir_set_irq_ctx returns failure, the inserted fdir entry will not be removed and if ice_vc_fdir_write_fltr returns failure, the fdir context info for irq handler...

CVSS 7 | AI score 5.7 | EPSS 0.00038
Exploits 0 | References 4

SUSE CVE
added 2025/12/25 12:57 a.m. | 2 views

SUSE CVE-2023-54017

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: fix possible memory leak in ibmebus_bus_init. If device_register returns error in ibmebus_bus_init, name of kobject which is allocated in dev_set_name called in device_add is leaked. As comment of device_add says, it shoul...

CVSS 3.3 | AI score 6.5 | EPSS 0.00046
Exploits 0 | References 20

SUSE CVE
added 2025/12/25 12:56 a.m. | 2 views

SUSE CVE-2023-54060

In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry. Even though the test suite covers this it somehow became obscured that this wasn't working. The test iommufd_ioas.mock_domain.access_domain_destory would blow up rarely. end should be...

CVSS 5.5 | AI score 6.2 | EPSS 0.00026
Exploits 0 | References 17

SUSE CVE
added 2025/12/25 12:24 a.m. | 2 views

SUSE CVE-2025-68363

In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu. The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0, BPF_MTU_CHK_SEGS). The transport_header is...

CVSS 5.5 | AI score 6.3 | EPSS 0.00066
Exploits 0 | References 20

SUSE CVE
added 2025/12/25 12:23 a.m. | 2 views

SUSE CVE-2025-68726

In the Linux kernel, the following vulnerability has been resolved: crypto: aead - Fix reqsize handling. Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg") introduced cra_reqsize field in crypto_alg struct to replace type specific reqsize fields. It looks like this was introduced...

CVSS 5.5 | AI score 6.6 | EPSS 0.00027
Exploits 0 | References 3

SUSE CVE
added 2025/12/25 12:23 a.m. | 5 views

SUSE CVE-2025-68737

In the Linux kernel, the following vulnerability has been resolved: arm64/pageattr: Propagate return value from __change_memory_common. The rodata=on security measure requires that any code path which does vmalloc -> set_memory_ro/set_memory_rox must protect the linear map alias too. Therefore, if such a...

CVSS 4.1 | AI score 6.6 | EPSS 0.00026
Exploits 0 | References 3

Vulnrichment
added 2025/12/24 7:28 p.m. | 6 views

CVE-2019-25253 KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection

KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuratio...

CVSS 7.5 | AI score 7 | EPSS 0.00019
Exploits 2 | References 3