CVE-2026-34961 barebox ext4 Extent Parsing Out-of-Bounds Read

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

RLSA-2023:7025 Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby...

CVE-2025-57853

A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...

CVE-2026-30276

An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

CVE-2025-68157

Webpack vulnerability CVE-2025-68157 affects the HttpUriPlugin when experiments.buildHttp is enabled. From 5.49.0 through versions before 5.104.0, allowedUris are validated only for the initial URL; redirects (HTTP 30x) are not re-validated, allowing an import restricted to a trusted allow-list t...

CVE-2026-23519 RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi Cortex M0, M0+ and M1 compiler emits non-constant time assembly when using cmovnz...

CVE-2020-10216

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a systemtime.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected...

CVE-2025-14302 GIGABYTE｜Motherboard - Protection Mechanism Failure

Certain motherboard models developed by GIGABYTE has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security feature...

USN-7860-2: Linux kernel (Real-time) vulnerability

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-43889)

padata: vulnerability due to a possible divide-by-zero error in padatamthelper during bootup, caused by an uninitialized chunksize being zero. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

EUVD-2024-21279

Malicious code in bioql PyPI...

EUVD-2023-32975

Malicious code in bioql PyPI...

EUVD-2025-0041

Malicious code in bioql PyPI...

CVE-2025-41713

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration...

CVE-2025-41713 WAGO: Vulnerability in hardware switch circuit

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration...

PT-2025-37459

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: During a short time frame while the device is booting, an unauthenticated remote attacker can send traffic to unauthorized networks because the switch operates in an undefined state until a...

CVE-2025-52549

CVE-2025-52549 affects Copeland/E3 Site Supervisor Control. Vulnerable firmware versions prior to 2.31F01 generate a root Linux password on each boot, enabling an attacker to derive the root password from known or easily obtainable parameters. Impacts include full device compromise with root acce...

CVE-2025-7342

A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...

taky-cache-loop (=0.0.1), taky-redis-throttle (=0.0.1) potentially affected by unknown CVE via every-time (=0.0.0)

every-time NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on every-time and may be impacted: - taky-cache-loop =0.0.1 - taky-redis-throttle =0.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-19990...

Fedora 42 : perl-String-Compare-ConstantTime (2025-ce51c124a5)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ce51c124a5 advisory. This release fixes CVE-2024-13939 leaking the length of a secret string Tenable has extracted the preceding description block directly from the Fedora securi...