CVE-2025-12177 Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key
The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...
Malicious Package
Overview SqlDbRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
Underflow in aes_key_unwrap function
The aes_key_unwrap function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value...
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named...
CVE-2025-52565 container escape due to /dev/console mount and related races
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990446)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990446 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger If iio_trigger_register retur...
motionEye <= 0.43.1b4 OS Command Injection Vulnerability
motionEye is prone to an authenticated OS command injection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990451)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990451 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init dev_set_name allocates memory for...
Race Condition Enabling Link Following
Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...
GHSA-QW9X-CQR3-WC7R runc container escape with malicious config due to /dev/console mount and related races
Impact This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target, namely the bind-mount of /dev/pts/$n to /dev/console as configured for all containers that allocate a console. In runc version 1.0.0-rc3 and later...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989186)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989186 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger If iio_trigger_register retur...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990009)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990009 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Fix memory leak problem This reverts commit...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989277)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989277 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irq_work has completed before th...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989671)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989671 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: mma8452: Fix trigger reference counting The mma8452 driver directly assigns a trigger to the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989678)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989678 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init dev_set_name allocates memory for...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989574)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989574 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init dev_set_name allocates memory for...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989623)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989623 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger If iio_trigger_register retur...