PT-2025-46566
Name of the Vulnerable Software and Affected Versions: Asgaros Forum plugin for WordPress versions prior to 3.2.2. Description: The software is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation within the set subscription level function. An unauthenticated...
EulerOS 2.0 SP12 : systemd (EulerOS-SA-2025-2373)
According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binar...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990831)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990831 advisory. In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port. enic_set_vf_port assumes that the nl attribu...
kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject mismatching sum of field_len with set key length. The field length description provides the length of each separated key field in the concatenation, each field gets rounded up to 32-bits to calculate the...
kernel: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar(). In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") set_bar() was modified to support dynamically changing the backing physical...
Cache Poisoning
get-jwks is vulnerable to cache poisoning. The vulnerability is due to a design flaw where the iss (issuer) claim may be validated only after keys are retrieved from a shared JWKS cache, which allows an attacker to push a chosen public key into the cache with one crafted JWT and then reuse that...
MAL-2025-86373 Malicious code in hendra-asinan62-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5db53116131ade0e2a22977132b05b309997cfd56a9f4e28380eb16f04a0a9df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-63456
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
ALSA-2025:21035 Moderate: xorg-x11-server-Xwayland security update
Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg: xwayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229); xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230); xorg: xwayland: Value overflow in XkbSetCompatMap...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WriteRelationships function when the exclusion operator is used in the authorization schema and the server is configured with --write-relationships-max-updates-per-call greater...
EUVD-2025-48946
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to...
EUVD-2025-48945
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
CVE-2025-63835
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to...
SUSE-SU-2025:21036-1 Security update for runc
This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 - Includes an important fix for the CPUSet translation for...
CVE-2025-63835
The CVE-2025-63835 entry concerns a stack-based buffer overflow in the Tenda AC18 (v15.03.05.05_multi) guestSsid parameter of the /goform/WifiGuestSet interface. The issue arises from insufficient validation of the guestSsid length, allowing an attacker to send oversized data that can cause a dev...
UBUNTU-CVE-2025-40109
In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure set_ent is always present. Ensure that set_ent is always set since only drbg provides it...
CVE-2025-40109
The CVE-2025-40109 entry affects the Linux kernel crypto RNG path. Root cause: set_ent is not guaranteed to be present in all paths, even though only DRBG provides it. The fix ensures set_ent is always present. Impact and exploit specifics are not detailed in the provided documents. Remediation: ...
CVE-2025-40109 crypto: rng - Ensure set_ent is always present
In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure set_ent is always present. Ensure that set_ent is always set since only drbg provides it...