
12635 matches found

Positive Technologies
added 2025/09/12 12:0 a.m., 8 views

PT-2025-37351

Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder 2.0 Description: A stack overflow in the FTP service allows attackers to cause a Denial of Service (DoS) via a crafted input. Recommendations: At the moment, there is no information about a newer version...

CVSS: 7 | AI score: 6.6 | EPSS: 0.00247
Exploits: 1 | References: 5
Positive Technologies
added 2025/09/12 12:0 a.m., 4 views

PT-2025-37316

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.9.7 Description: Hono is a Web application framework that provides support for any JavaScript runtime. A flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.00416
Exploits: 0 | References: 10
CNNVD
added 2025/09/12 12:0 a.m., 2 views

ruoyi-vue-pro authorization issue vulnerability

ruoyi-vue-pro is an open source back-end management system framework from China's Taro Road source code (zhijiantianya), an optimized refactoring for efficient development of enterprise back ends, SaaS platforms, WeChat mini-program back ends and so on. ruoyi-vue-pro 2025.09 and previous versions of th...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00296
Exploits: 0 | References: 5
CNNVD
added 2025/09/12 12:0 a.m., 2 views

Audi UTR 2.0 security vulnerability

Audi UTR 2.0 is an in-vehicle car recording system from Audi Germany. A security vulnerability exists in Audi UTR 2.0 that originates from improper access control of the FTP protocol and allows an attacker to authenticate using any combination of username and password...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.00335
Exploits: 1 | References: 2
CVE
added 2025/09/12 12:0 a.m., 22 views

CVE-2025-45583

CVE-2025-45583 affects Audi UTR 2.0 Universal Traffic Recorder 2.0. The vulnerability is an improper access control in the FTP protocol that allows an attacker to authenticate to the service using any username/password combination. CVSS metrics in the provided records indicate a CRITICAL base sco...

CVSS: 9.1 | AI score: 6.5 | EPSS: 0.00335
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2025/09/12 12:0 a.m., 24 views

CVE-2025-45587

CVE-2025-45587 describes a stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 that allows attackers to cause a Denial of Service (DoS) via a crafted input. Affected component is the FTP service; root cause is a stack overflow. Documented impact: availability impact h...

CVSS: 7 | AI score: 6.6 | EPSS: 0.00247
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/09/12 12:0 a.m., 4 views

CVE-2025-45583

Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password...

AI score: 6.5 | EPSS: 0.00335
Exploits: 1 | References: 1
Positive Technologies
added 2025/09/12 12:0 a.m., 6 views

PT-2025-37271

Name of the Vulnerable Software and Affected Versions: YunaiV yudao-cloud versions prior to 2025.09 Description: A weakness exists in YunaiV yudao-cloud that may lead to improper authorization. The issue affects an unknown part of the file /crm/business/transfer. Manipulation of the argument...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00296
Exploits: 0 | References: 6
Positive Technologies
added 2025/09/12 12:0 a.m., 4 views

PT-2025-37280

Name of the Vulnerable Software and Affected Versions: YunaiV ruoyi-vue-pro versions prior to 2025.09 Description: A flaw exists in YunaiV ruoyi-vue-pro that allows for improper authorization. The issue is related to the manipulation of the ids/newOwnerUserId argument within an unknown function o...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00296
Exploits: 0 | References: 6
Positive Technologies
added 2025/09/12 12:0 a.m., 5 views

PT-2025-37347

Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder 2.0 affected versions not specified Description: An incorrect access control issue exists in the FTP protocol. This allows attackers to authenticate to the service using any combination of username and...

CVSS: 9.1 | AI score: 6.2 | EPSS: 0.00335
Exploits: 1 | References: 6
Positive Technologies
added 2025/09/12 12:0 a.m., 4 views

PT-2025-37276

A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is possible. The...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00296
Exploits: 0 | References: 5
Krebs on Security
added 2025/09/11 5:40 p.m., 10 views

Bulletproof Host Stark Industries Evades EU Sanctions

In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But ne...

AI score: 7
Exploits: 0
OSV
added 2025/09/11 5:15 p.m., 7 views

DEBIAN-CVE-2025-39788

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCIUTRLNEXUSTYPE On Google gs101, the number of UTP transfer request slots nutrs is 32, and in this case the driver ends up programming the UTRLNEXUSTYPE incorrectly as 0. This is because the...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.00155
Exploits: 0 | References: 1
OSV
added 2025/09/11 9:15 a.m., 4 views

AZL-67278 CVE-2025-48040 affecting package erlang for versions less than 25.3.2.21-4

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...

CVSS: 6.9 | AI score: 5.7 | EPSS: 0.00402
Exploits: 0 | References: 1
OSV
added 2025/09/11 9:15 a.m., 4 views

CVE-2025-48040

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...

CVSS: 6.9 | AI score: 7 | EPSS: 0.00402
Exploits: 0 | References: 5
OSV
added 2025/09/11 9:15 a.m., 8 views

AZL-67124 CVE-2025-48041 affecting package erlang for versions less than 26.2.5.15-1

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5....

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00359
Exploits: 0 | References: 1
OSV
added 2025/09/11 9:15 a.m., 7 views

AZL-67118 CVE-2025-48038 affecting package erlang for versions less than 25.3.2.21-4

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00359
Exploits: 0 | References: 1
OSV
added 2025/09/11 9:15 a.m., 8 views

UBUNTU-CVE-2025-48040

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00402
Exploits: 0 | References: 5
OSV
added 2025/09/11 9:15 a.m., 7 views

UBUNTU-CVE-2025-48039

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00359
Exploits: 0 | References: 5
Vulnrichment
added 2025/09/11 8:14 a.m., 3 views

CVE-2025-48041 SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5....

CVSS: 7.1 | AI score: 5.4 | EPSS: 0.00359
Exploits: 0 | References: 7