CVE-2025-61939 Columbia Weather Systems MicroServer Improper Restriction of Communication Channel to Intended Endpoints

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...

Columbia Weather Systems MicroServer 安全漏洞

Columbia Weather Systems MicroServer is a weather data server from Columbia Weather Systems, USA. A security vulnerability exists in Columbia Weather Systems MicroServer that stems from an unused function that can initiate a reverse SSH connection, potentially resulting in the connection being...

CVE-2025-68743

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix create memory region overlap check The current check is incorrect; it only checks if the beginning or end of a region is within an existing region. This doesn't account for userspace specifying a region that begins befo...

minter_burn_from is not used, there is no way to withdraw frxETHToken minted

Lines of code Vulnerability details Impact minterburnfrom is not used, there is no way to withdraw frxETHToken minted. frxETHToken will be worthless if it can't be redeemed. Proof of Concept // Used by minters when user redeems function minterburnfromaddress baddress, uint256 bamount public...

CVE-2020-35559

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users...

Code injection

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users...