Belkin F9K1122 安全漏洞

The Belkin F9K1122 is a WiFi signal extender from Belkin Canada. The Belkin F9K1122 suffers from a stack buffer overflow vulnerability that originates from the incorrect operation of the parameter wpsenroleepin/webpage in the file /goform/formWlanSetupWPS, no details of the vulnerability are...

SUSE CVE-2025-38216

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 "iommu/vt-d: Add support for static identity domain" changed the context entry setup during domain attachment from a set-and-check policy to a...

CVE-2025-38216

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 "iommu/vt-d: Add support for static identity domain" changed the context entry setup during domain attachment from a set-and-check policy to a...

DEBIAN-CVE-2025-38216

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 "iommu/vt-d: Add support for static identity domain" changed the context entry setup during domain attachment from a set-and-check policy to a...

DEBIAN-CVE-2025-38191

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in destroyprevioussession If client set -PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess-user is not set yet, It can pass the user...

UBUNTU-CVE-2025-38216

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 "iommu/vt-d: Add support for static identity domain" changed the context entry setup during domain attachment from a set-and-check policy to a...

CVE-2025-38216 iommu/vt-d: Restore context entry setup order for aliased devices

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 "iommu/vt-d: Add support for static identity domain" changed the context entry setup during domain attachment from a set-and-check policy to a...

CVE-2025-38216 iommu/vt-d: Restore context entry setup order for aliased devices

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 "iommu/vt-d: Add support for static identity domain" changed the context entry setup during domain attachment from a set-and-check policy to a...

CVE-2025-38216

CVE-2025-38216 (Linux kernel) affects iommu/vt-d context entry setup order for aliased PCI devices behind PCIe-to-PCI bridges. The issue arose after commit 2031c469f816 changed domain attach context entry setup from set-and-check to clear-and-reset, regressing PCI aliased devices and causing inpu...

CVE-2025-38191

The CVE-2025-38191 issue is in the Linux kernel ksmbd component, where a null pointer dereference could occur during Kerberos session setup if the client uses PreviousSessionId before session authentication completes. Root cause: sess->user is not set during initial kerberos setup, allowing a ...

Malicious code in fonafx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9441463f029726ea263225e9b0092d82b049e2d7a4e059becd24f5e23c70a906 Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...

SUSE CVE-2025-38102

In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify During our test, it is found that a warning can be trigger in trygrabfolio as follow: ------------ cut here ------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147...

UBUNTU-CVE-2025-38133

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad4851: fix ad4858 chan pointer handling The pointer returned from ad4851parsechannelscommon is incremented internally as each channel is populated. In ad4858parsechannels, the same pointer was further incremented while...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 Apache Tomcat RCE Exploit PoC This repository...

kernel: um: Fix out-of-bounds read in LDT setup

A vulnerability was found in the Linux kernel's user mode um subsystem, specifically within the Local Descriptor Table LDT setup functionality. The issue arises from the syscallstubdata function misinterpreting the datacount parameter as a byte count rather than a count of longs, leading to an...

The vulnerability of the built-in boa server (/boafrm/formIpv6Setup) of the TOTOLINK EX1200T router’s microprogramming software allows a intruder to cause a service failure.

The vulnerability of the built-in boa server /boafrm/formIpv6Setup of the TOTOLINK EX1200T router’s microprogramming software is related to the issue of the operation exceeding the buffer boundaries in memory when processing the submit-url parameter. Exploiting this vulnerability allows a malicio...

Kernel: use-after-free in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c

A use-after-free flaw was found in nfsd4sscsetupdul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem...

Exploit for CVE-2025-4664

CVE-2025-4664 This repository contains a PoC for exploiting CV...

CVE-2025-6763

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing...

Trend Makers Sight Bulb Pro 加密问题漏洞

Trend Makers Sight Bulb Pro is a camera from Trend Makers, Inc. The Trend Makers Sight Bulb Pro suffers from an encryption issue vulnerability that stems from the plaintext transfer of an AES key during initial setup, which could lead to the decryption of communications and the disclosure of...