PT-2025-46889
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...
PT-2025-46886
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands...
CVE-2025-60672
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...
CVE-2025-60676
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...
CVE-2025-60700
CVE-2025-60700 (D-Link DIR-882) affects DIR-882 routers running DIR882A1_FW102B02 and later; in the provided docs, the vulnerability lies in prog.cgi and librcm.so. The sub_4455BC function stores user-supplied SetDMZSettings/IPAddress values in NVRAM then DMZ_run reads them, concatenates them into...
CVE-2025-60698
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and rc binaries. The sub_432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvram_safe_set("SysLogRemoteIPAddress", ...). These values are...
SUSE SLES12 Security Update : runc (SUSE-SU-2025:4077-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4077-1 advisory. Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2...
Siemens SIMATIC S7-1500 Signal Handler Race Condition (CVE-2025-4598)
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origin...
DEBIAN-CVE-2025-40182
In the Linux kernel, the following vulnerability has been resolved: crypto: skcipher - Fix reqsize handling Commit afddce13ce81d "crypto: api - Add reqsize to crypto_alg" introduced cra_reqsize field in crypto_alg struct to replace type specific reqsize fields. It looks like this was introduced...
CVE-2025-40182
In the Linux kernel, the following vulnerability has been resolved: crypto: skcipher - Fix reqsize handling Commit afddce13ce81d "crypto: api - Add reqsize to crypto_alg" introduced cra_reqsize field in crypto_alg struct to replace type specific reqsize fields. It looks like this was introduced...
CVE-2025-40182 crypto: skcipher - Fix reqsize handling
In the Linux kernel, the following vulnerability has been resolved: crypto: skcipher - Fix reqsize handling Commit afddce13ce81d "crypto: api - Add reqsize to crypto_alg" introduced cra_reqsize field in crypto_alg struct to replace type specific reqsize fields. It looks like this was introduced...
CVE-2025-40182
CVE-2025-40182 (Linux kernel) concerns the crypto subsystem, specifically the skcipher code path. The root cause is the introduction of the cra_reqsize field in the crypto_alg struct and its use across skcipher algorithms, which was not accompanied by proper initialization. This mismatch can lead...
EUVD-2025-136960
Malicious code in rusdi-set-rusm npm...
EUVD-2025-136958
Malicious code in rusdi-set-rusma npm...
EUVD-2025-141618
Malicious code in rusdi-set-rusmaya npm...
EUVD-2025-136962
Malicious code in rusdi-set-rus npm...
MAL-2025-173141 Malicious code in budi-set-rusmaya (npm)
Source: amazon-inspector a506d084a14bfc8b02ebcd023ee60598148fe8f295aeec94fd2a10025a594c2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-136956
Malicious code in rusdi-set-rusmay npm...
EUVD-2025-136953
Malicious code in rusdi-set-rusu npm...
Malicious code in rusdi-set-nutru (npm)
Source: amazon-inspector d0b464272cf8e2bfc3864b0613c1e83aebac54a86f50ec305bdb752804ac5482 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...