9476 matches found
CVE-2025-60337
Tenda AC6 V2.0 firmware 15.03.06.50 contains a buffer overflow in SetSpeedWan, caused by improper validation of the speed_dir input length. An attacker can cause a Denial of Service (DoS) via a crafted input; some sources also note potential arbitrary code execution. Remediation is to update to a...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of IRQ security protection in the netlink_set_err function, which could lead to a deadlock...
TOTOLINK N600R security vulnerability
TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz dual-band concurrency with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a stack buffer overflow vulnerability, which stems from the wepkey2...
Tenda AC6 security vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the speed_dir parameter in the SetSpeedWan function failing to properly validate the length of the input data, and can be exploited by an...
D-Link DIR-823G security vulnerability
The D-Link DIR-823G is a wireless router from China's AUO D-Link. A security vulnerability exists in D-Link DIR-823G A1 v1.0.2B05, which originates from a null pointer dereference in the SetWLanRadioSettings function. An attacker can exploit this vulnerability to cause a DoS...
PT-2025-43132
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.4.0-rc6-syzkaller-00240-g4e9f0ec38852. Description: The Linux kernel contained a potential deadlock issue within the netlink_set_err function. The syzbot fuzzer identified a possible lock inversion dependency,...
CVE-2025-52079
The administrator password setting of the D-Link DIR-820L 1.06B02 has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /getset.ccp...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987660)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987660 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: tty: serial: Fix deadlock in sa1100_set_termios. There is a deadlock in sa1100_set_termios,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987638)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987638 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt. Fix the following kernel oops in...
EUVD-2025-35216
The administrator password setting of the D-Link DIR-820L 1.06B02 has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /getset.ccp...
rollbar vulnerable to prototype pollution
Impact: Prototype pollution potential with the utility function rollbar/src/utility.set. No impact when using the published public interface. If application code directly imports set from rollbar/src/utility and then calls set with untrusted input in the second argument, it is vulnerable to...
EUVD-2025-31060
rollbar vulnerable to prototype pollution...
Linux Distros Unpatched Vulnerability : CVE-2025-62490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not...
DEBIAN-CVE-2025-62490
In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get resized and len1 become ou...
CVE-2025-11851
A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be...
CVE-2025-11851 Apeman ID71 set_alias.cgi cross site scripting
A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be...
CVE-2025-62490
CVE-2025-62490 affects QuickJS: in js_print_object, during printing of arrays, maps, or sets, the code reads the length and iterates, but printing a value is not side-effect free. An attacker-defined callback during js_print_value could resize or remove items (e.g., in an array or ms->records)...
CVE-2025-62490
In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get resized and len1 become ou...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.1 security update
Important: Red Hat OpenShift GitOps v1.18.1 security update. An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-7606: ApplicationSet: Bitbucket SCM/PR generator leaks HTTP connections; GITOPS-7953: Default resource exclusions list not updated in ArgoCD CR...
[SECURITY] Fedora 42 Update: rust-protobuf-parse-3.7.2-1.fc42
Parse .proto files. Files are parsed into a protobuf::descriptor::FileDescriptorSet object using either: the pure Rust parser (no dependencies), or the protoc binary (more reliable and compatible with Google's implementation)...