7896 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-47586
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup. KASAN reports an out-of-bounds read in...
Malicious code in w3shi-h1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 47a1a62947736a51ca9d7d239d8533828679c6e1597205b6316ee4a9af95a41a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191923 Malicious code in w3shi-h1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 47a1a62947736a51ca9d7d239d8533828679c6e1597205b6316ee4a9af95a41a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2025-8731
TRENDnet CVE-2025-8731 affects TI-G160i, TI-PG102i and TPL-430AP (up to 20250724) with the SSH Service using default credentials. Several sources confirm remote exploitation is possible and that the exploit has been publicly disclosed. Mitigation in publicly released documents centers on credenti...
CVE-2025-7195
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
CVE-2025-34151
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The input is passed directly to system-level commands without sanitization, enabling unauthenticated attackers to achieve root-level code...
CVE-2025-34151 Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Password Command Injection
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The input is passed directly to system-level commands without sanitization, enabling unauthenticated attackers to achieve root-level code...
VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
...
PT-2025-32307
Name of the Vulnerable Software and Affected Versions: Operator-SDK versions prior to 0.15.2. Description: Early versions of Operator-SDK included an insecure method for operator containers to run in environments utilizing a random UID. A script, user_setup, modified the permissions of the /etc/pass...
kernel: um: Fix out-of-bounds read in LDT setup
A vulnerability was found in the Linux kernel's user-mode (um) subsystem, specifically within the Local Descriptor Table (LDT) setup functionality. The issue arises from the syscall_stub_data() function misinterpreting the data_count parameter as a byte count rather than a count of longs, leading to an...
The vulnerability of the formSetWAN_Wizard51() function (/goform/formSetWAN_Wizard51) in the D-Link DIR-619L router firmware allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the formAdvanceSetup function (/goform/formAdvanceSetup) in the D-Link DIR-619L router firmware lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality...
DEBIAN-CVE-2023-32255
A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion...
DEBIAN-CVE-2023-32253
A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service...
CVE-2023-32253
A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service...
UBUNTU-CVE-2023-32255
A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion...
UBUNTU-CVE-2023-32253
A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service...
MAL-2025-191882 Malicious code in supersafereverse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 278b176bded4d8a1ad0e2e56a576804e4ed53fa2797fde701bc752bbe68379ab Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Netgear DGN1000B Security Vulnerability
The Netgear DGN1000B is a wireless router from the American company Netgear. A code execution vulnerability exists in Netgear DGN1000B versions 1.1.00.24 and 1.1.00.45, which stems from insufficient sanitization of setup.cgi endpoint inputs, and can be exploited by an attacker to potentially cause...
CVE-2023-32251
A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...
CVE-2025-6060
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DECE Software Geodi allows Cross-Site Scripting (XSS). This issue affects Geodi: before GEODI Setup 9.0.146...