
25 matches found

Snyk
added 6 days ago · 4 views

Insertion of Sensitive Information into Log File

Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the setCookie and start functions. An attacker can gain unauthorized access to...

6.7 CVSS · 5.8 AI score
Exploits: 0 · References: 2

Debian CVE
added 2026/05/06 11:27 a.m. · 1 view

CVE-2026-43122

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Update cpuidle driver check in acpiprocessorstart Commit 7a8c994cbb2d "ACPI: processor: idle: Optimize ACPI idle driver registration" moved the ACPI idle driver registration to acpiprocessordriverinit and...

5.5 CVSS · 5.7 AI score · 0.00013 EPSS
Exploits: 0

Snyk
added 2026/05/05 7:35 p.m. · 5 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview: openmage/magento-lts is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the start function. An attacker can gain unauthorized access to active...

9.4 CVSS · 5.8 AI score · 0.00055 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2025/11/26 12:00 a.m. · 3 views

PT-2025-48129

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-9558 Description: A potential out-of-bounds write issue exists in the gen_prov_start function within the pb_adv.c file. The issue occurs because the full length of received data is copied into the link.rx.buf receiver...

7.6 CVSS · 6.8 AI score · 0.00023 EPSS
Exploits: 0 · References: 6

NVD
added 2025/10/20 4:15 p.m. · 1 view

CVE-2025-40015

In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check. In 'stm32_csi_start', 'csidev->s_subdev' is dereferenced directly while assigning a value to the 'src_pad'. However the same value is being checked against NULL at a later point of...

0.00024 EPSS
Exploits: 0 · References: 3

OSV
added 2025/10/20 3:29 p.m. · 1 view

CVE-2025-40015 media: stm32-csi: Fix dereference before NULL check

In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check. In 'stm32_csi_start', 'csidev->s_subdev' is dereferenced directly while assigning a value to the 'src_pad'. However the same value is being checked against NULL at a later point of...

6.4 AI score · 0.00024 EPSS
Exploits: 0 · References: 6

CVE
added 2025/10/20 3:29 p.m. · 2 views

CVE-2025-40015

In CVE-2025-40015, the Linux kernel vulnerability is in the media: stm32-csi driver. The issue arises in stm32_csi_start where csidev->s_subdev is dereferenced while assigning to src_pad before a NULL check, creating a potential NULL dereference. The fix moves the dereference after the NULL ch...

6.1 AI score · 0.00024 EPSS
Exploits: 0 · References: 3

OSV
added 2025/10/04 3:44 p.m. · 1 view

CVE-2023-53601 bonding: do not assume skb mac_header is set

In the Linux kernel, the following vulnerability has been resolved: bonding: do not assume skb mac_header is set. Drivers must not assume in their ndo_start_xmit() that skbs have their mac_header set. skb->data is all what is needed. bonding seems to be one of the last offender as caught by syzbot:...

5.5 CVSS · 6.4 AI score · 0.00017 EPSS
Exploits: 0 · References: 8

Cvelist
added 2025/09/04 2:13 p.m. · 11 views

CVE-2025-6785 Tesla Model 3 Physical CAN Bus Injection

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 2023.20.9...

4.7 CVSS · 0.00045 EPSS
Exploits: 0 · References: 1

Github Security Blog
added 2025/08/26 9:40 p.m. · 4 views

Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start

Summary: Using the asyncio.unix_events._UnixSubprocessTransport._start function, which is a built-in python library function, to execute remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to...

7.9 AI score
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2025/08/18 12:00 a.m. · 0 views

PT-2025-42783

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a flaw in the stm32-csi driver where a memory dereference occurs before a NULL check within the stm32_csi_start function. Specifically, csidev->s_subdev is...

7.1 CVSS · 7.5 AI score · 0.00249 EPSS
Exploits: 1 · References: 218

CNNVD
added 2025/06/18 12:00 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing of_node_put call in the octeon2_usb_clocks_start function...

5.5 CVSS · 6.1 AI score · 0.00051 EPSS
Exploits: 0 · References: 9

Cvelist
added 2025/05/01 2:09 p.m. · 8 views

CVE-2022-49806 net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()

In the Linux kernel, the following vulnerability has been resolved: net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start(). sparx_stats_init() calls create_singlethread_workqueue() and not checked the ret value, which may return NULL. And a null-ptr-deref may happen:...

0.00049 EPSS
Exploits: 0 · References: 3

NVD
added 2024/04/30 12:15 a.m. · 13 views

CVE-2023-52725

Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocking of the errCh channel within the Start function of the monitoring package...

6.5 CVSS · 6.6 AI score · 0.00097 EPSS
Exploits: 1 · References: 1

CVE
added 2024/04/29 12:00 a.m. · 44 views

CVE-2023-52725

CVE-2023-52725 affects Open Networking Foundation ONOS onos-kpimon 0.4.7. The vulnerability arises from blocking the errCh channel inside the Start function of the monitoring package, causing resource exhaustion as the indication-processing goroutine cannot accept new messages. Public documents c...

6.5 CVSS · 6.8 AI score · 0.00097 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2024/04/29 12:00 a.m. · 1 view

Open Networking Foundation ONOS security vulnerability

Open Networking Foundation ONOS is an open source SDN controller from the Open Networking Foundation for building next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS onos-kpimon version 0.4.7, which originates from blocking the errCh chann...

6.5 CVSS · 6.8 AI score · 0.00097 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2024/04/29 12:00 a.m. · 8 views

CVE-2023-52725

Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocking of the errCh channel within the Start function of the monitoring package...

6.9 AI score · 0.00097 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2023/05/23 12:00 a.m. · 3 views

PT-2023-23442 · Linksys · Linksys E2000

Name of the Vulnerable Software and Affected Versions: Linksys E2000 router version 1.0.06 Description: The issue is a command injection vulnerability. If an attacker gains web management privileges, they can inject commands into the post request parameters wl ssid, wl ant, wl rate, WL atten ctl,...

7.2 CVSS · 7.7 AI score · 0.09076 EPSS
Exploits: 1 · References: 5

Veracode
added 2022/11/03 1:43 a.m. · 22 views

Privilege Escalation

github.com/golang/go is vulnerable to Privilege Escalation. The vulnerability exists due to the unsanitized NULL values in the Start function of exec.go, allowing an attacker to maliciously set environment variables on Windows. For example, the environment variable string A=B\x00C=D sets the...

7.5 CVSS · 7.4 AI score · 0.00013 EPSS
Exploits: 0 · References: 9 · Affected Software: 1

Veracode
added 2022/09/08 4:37 a.m. · 18 views

Weak Encryption

Blink1Control2 contains weak encryption. The vulnerability exists in the start function in server/skypeService.js because the passwords in event rules are not properly handled, allowing an attacker to access unauthorized information in the system...

7.5 CVSS · 7.1 AI score · 0.06286 EPSS
Exploits: 5 · References: 7 · Affected Software: 1