249 matches found
CVE-2025-52464
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...
CVE-2025-52464
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...
CVE-2025-52464
Meshtastic versions 2.5.0–2.6.10 expose a vulnerability where flashing procedures can duplicate public/private keys and the RNG may have low entropy, allowing an attacker to decrypt Direct Messages after collecting compromised keys. This is caused by key generation timing and insufficient randomn...
Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment
An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat." "The ransomware features a 'wipe mode,' which permanently erases files, rendering recovery impossible eve...
Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems
Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api...
PT-2025-26221
Name of the Vulnerable Software and Affected Versions Meshtastic versions 2.5.0 through 2.6.10 Description Meshtastic is an open source mesh networking solution. The flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, Meshtastic was failin...
CVE-2025-5142
The Simple Page Access Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.31. This is due to missing nonce validation and capability checks in the settings save handler in the settings.php script. This makes it possible for...
CVE-2025-5142
The Simple Page Access Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.31. This is due to missing nonce validation and capability checks in the settings save handler in the settings.php script. This makes it possible for...
CVE-2023-38294
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...
CVE-2020-36334
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database...
CVE-2020-36333
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a resetwizardactions hook...
CVE-2019-8512
This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure...
CVE-2013-5114
LastPass prior to 2.5.1 allows secure wipe bypass...
CVE-2023-53036
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix call trace warning and hang when removing amdgpu device On GPUs with RAS enabled, below call trace and hang are observed when shutting down device. v2: use DRM device unplugged flag instead of shutdown flag as the...
DEBIAN-CVE-2023-53036
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix call trace warning and hang when removing amdgpu device On GPUs with RAS enabled, below call trace and hang are observed when shutting down device. v2: use DRM device unplugged flag instead of shutdown flag as the...
UBUNTU-CVE-2023-53036
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix call trace warning and hang when removing amdgpu device On GPUs with RAS enabled, below call trace and hang are observed when shutting down device. v2: use DRM device unplugged flag instead of shutdown flag as the...
CVE-2023-53036 drm/amdgpu: Fix call trace warning and hang when removing amdgpu device
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix call trace warning and hang when removing amdgpu device On GPUs with RAS enabled, below call trace and hang are observed when shutting down device. v2: use DRM device unplugged flag instead of shutdown flag as the...
Directory Traversal
Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Directory Traversal over the wipedatabase endpoint. An attacker can delete any directory on the target filesystem by sending a specially crafted HTTP request that manipulates the...
LoLLMs 路径遍历漏洞
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A path traversal vulnerability exists in LoLLMs v12, which stems from path traversal in the /wipedatabase endpoint and could lead to arbitrary directory deletion...
Azure Linux 3.0 Security Update: kernel (CVE-2024-42157)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42157 advisory. - In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failur...