The vulnerability of the sync_time() function in the router_command.sh script of Quantenna’s Wi-Fi chip microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the synctime function in the routercommand.sh script of Quantenna’s Wi-Fi chip microprogramming software is related to the implementation or modification of arguments. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...

Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems

Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api...

Quantenna Communications Quantenna Wi-Fi chipset 安全漏洞

Quantenna Communications Quantenna Wi-Fi chipset is a WiFi chip from Quantenna Communications, USA. A security vulnerability exists in Quantenna Communications Quantenna Wi-Fi chipset version 8.0.0.28 and earlier, which originates from a command injection in the synctime parameter of the...

[SECURITY] Fedora 41 Update: nextcloud-31.0.5-1.fc41

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

Malicious code in express-api-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware efac302be698778eb5fe49cde2fadcf3d675910622eaf3387754f96e332f87f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in system-health-sync-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 13c337e149bd36fcd54891e550bf7fdb7c1dc36b1bfc1b06e0b1427851d4adde Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4683 Malicious code in express-api-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware efac302be698778eb5fe49cde2fadcf3d675910622eaf3387754f96e332f87f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4695 Malicious code in system-health-sync-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 13c337e149bd36fcd54891e550bf7fdb7c1dc36b1bfc1b06e0b1427851d4adde Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SAMSUNG Internet 安全漏洞

SAMSUNG Internet is a cell phone application from the South Korean company Samsung SAMSUNG. It provides a browser function. A security vulnerability exists in SAMSUNG Internet versions prior to 28.0.0.59, which stems from mishandling of insufficient privileges in the SyncClientProvider, which cou...

Vulnerabilities of the hci_cmd_sync_queue(), hci_le_terminate_big(), or hci_le_big_terminate() functions in the Linux operating system, allowing attackers to cause service failures

The vulnerabilities of the hcicmdsyncqueue, hcileterminatebig, or hcilebigterminate functions in the Linux operating system are related to memory leaks. Exploiting these vulnerabilities can allow an attacker to cause a service failure...

@env-hopper/backend-core (>=2.0.1-alpha-20260224145405 <=2.0.1-alpha.3), @env-hopper/frontend-core (>=2.0.1-alpha <=2.0.1-alpha.11) +4 more potentially affected by CVE-2025-48054 via radashi (=12.5.0-beta.6d5c035)

radashi NPM version =12.5.0-beta.6d5c035 is affected by a known vulnerability. The following packages have a transitive dependency on radashi and may be impacted: - @env-hopper/backend-core =2.0.1-alpha-20260224145405, =2.0.1-alpha, =2.0.1-alpha-20260224145405, =0.0.1, =0.0.1, =0.0.1,...

CVE-2025-48752

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

GHSA-MQWX-R894-9HFP Process Sync has a Potential Unsound Issue in SharedMutex

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

Process Sync has a Potential Unsound Issue in SharedMutex

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

CVE-2025-48752

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

CVE-2025-48752

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

CVE-2025-48752

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

CVE-2025-48752

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

PT-2025-22829 · Unknown · Process-Sync

Name of the Vulnerable Software and Affected Versions: process-sync crate version 0.2.2 Description: The issue is related to the drop function in the process-sync crate for Rust, which lacks a check to ensure the pthread mutex is unlocked. Recommendations: For process-sync crate version 0.2.2,...

CVE-2025-48752

In the Rust process-sync crate, version 0.2.2, the Drop implementation fails to verify whether the pthread_mutex is unlocked. This is the stated root cause of CVE-2025-48752, per multiple connected feeds. The sources do not provide exploit details, affected vectors beyond the mutex unlock check i...