๐จ CVE-2024-48862
A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.831 ( 2024/10/15 ) and later
QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
๐@cveNotify
A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.831 ( 2024/10/15 ) and later
QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
๐@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Vulnerability in QuLog Center - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
๐จ CVE-2025-3199
A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java of the component API Interface. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.2 is able to address this issue. The name of the patch is c0daf641fb25b244591b7a6c3affa35c69d321fe. It is recommended to upgrade the affected component.
๐@cveNotify
A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java of the component API Interface. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.2 is able to address this issue. The name of the patch is c0daf641fb25b244591b7a6c3affa35c69d321fe. It is recommended to upgrade the affected component.
๐@cveNotify
GitHub
CVE_Hunter/ruoyi-ai/ruoyi-ai_UnauthorizedAccess_01.md at main ยท Tr0e/CVE_Hunter
CVEๆผๆดๆๆ (CVE Vulnerability Hunting), by Tr0e. Contribute to Tr0e/CVE_Hunter development by creating an account on GitHub.
๐จ CVE-2025-4598
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.
A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
๐@cveNotify
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.
A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
๐@cveNotify
๐จ CVE-2025-21022
Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information.
๐@cveNotify
Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information.
๐@cveNotify
๐จ CVE-2025-8854
Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function.
๐@cveNotify
Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function.
๐@cveNotify
GitHub
bullet3/Extras/VHACD/test/src/main_vhacd.cpp at master ยท bulletphysics/bullet3
Bullet Physics SDK: real-time collision detection and multi-physics simulation for VR, games, visual effects, robotics, machine learning etc. - bulletphysics/bullet3
๐จ CVE-2023-47220
An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following version:
Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later
๐@cveNotify
An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following version:
Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later
๐@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Multiple Vulnerabilities in Media Streaming Add-on - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
๐จ CVE-2024-38647
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QNAP AI Core 3.4.1 and later
๐@cveNotify
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QNAP AI Core 3.4.1 and later
๐@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Vulnerability in QNAP AI Core - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
๐จ CVE-2025-64331
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the logging of printable http bodies. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves using default HTTP response body limits and/or disabling http-body-printable logging; body logging is disabled by default.
๐@cveNotify
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the logging of printable http bodies. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves using default HTTP response body limits and/or disabling http-body-printable logging; body logging is disabled by default.
๐@cveNotify
GitHub
eve/http: stack overflow on large file transfers with http-body-printable
### Impact
A stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the logging of printable http bodies.
### Patches
Upgr...
A stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the logging of printable http bodies.
### Patches
Upgr...
๐จ CVE-2025-64335
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
๐@cveNotify
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
๐@cveNotify
GitHub
detect: fix null deref with entropy keyword ยท OISF/suricata@c935f08
Ticket: 7959
Usage of entropy with base64_data led to NULL dereference
(cherry picked from commit 6d703af505ddf3c2a98eaff24cb1461dbf1ae1a2)
Usage of entropy with base64_data led to NULL dereference
(cherry picked from commit 6d703af505ddf3c2a98eaff24cb1461dbf1ae1a2)
๐จ CVE-2025-54848
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a sequence of Modbus TCP messages to port 502 using the Write Single Register function code (6). The attack sequence begins with a message to register 58112 with a value of 1000, indicating that a configuration change will follow. Next, a message is sent to register 29440 with a value corresponding to the new Modbus address to be configured. Finally, a message to register 57856 with a value of 161 commits the configuration change. After this configuration change, the device will be in a denial-of-service state.
๐@cveNotify
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a sequence of Modbus TCP messages to port 502 using the Write Single Register function code (6). The attack sequence begins with a message to register 58112 with a value of 1000, indicating that a configuration change will follow. Next, a message is sent to register 29440 with a value corresponding to the new Modbus address to be configured. Finally, a message to register 57856 with a value of 161 commits the configuration change. After this configuration change, the device will be in a denial-of-service state.
๐@cveNotify
๐จ CVE-2025-59696
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.
๐@cveNotify
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.
๐@cveNotify
GitHub
Entrust nShield Connect XC - Multiple Vulnerabilities Leading to Insecure Boot Chain Protections
### Summary
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
๐จ CVE-2025-59697
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.
๐@cveNotify
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.
๐@cveNotify
GitHub
Entrust nShield Connect XC - Multiple Vulnerabilities Leading to Insecure Boot Chain Protections
### Summary
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
๐จ CVE-2025-59698
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.
๐@cveNotify
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.
๐@cveNotify
GitHub
Entrust nShield Connect XC - Multiple Vulnerabilities Leading to Insecure Boot Chain Protections
### Summary
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
๐จ CVE-2025-59699
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader.
๐@cveNotify
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader.
๐@cveNotify
GitHub
Entrust nShield Connect XC - Multiple Vulnerabilities Leading to Insecure Boot Chain Protections
### Summary
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
๐จ CVE-2025-59700
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection).
๐@cveNotify
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection).
๐@cveNotify
GitHub
Entrust nShield Connect XC - Multiple Vulnerabilities Leading to Insecure Boot Chain Protections
### Summary
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
๐จ CVE-2025-59701
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted).
๐@cveNotify
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted).
๐@cveNotify
GitHub
Entrust nShield Connect XC - Multiple Vulnerabilities Leading to Insecure Boot Chain Protections
### Summary
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
๐จ CVE-2025-54612
Iterator failure vulnerability in the card management module.
Impact: Successful exploitation of this vulnerability may affect function stability.
๐@cveNotify
Iterator failure vulnerability in the card management module.
Impact: Successful exploitation of this vulnerability may affect function stability.
๐@cveNotify
๐จ CVE-2025-54613
Iterator failure vulnerability in the card management module.
Impact: Successful exploitation of this vulnerability may affect function stability.
๐@cveNotify
Iterator failure vulnerability in the card management module.
Impact: Successful exploitation of this vulnerability may affect function stability.
๐@cveNotify
๐จ CVE-2025-54621
Iterator failure issue in the WantAgent module.
Impact: Successful exploitation of this vulnerability may cause memory release failures.
๐@cveNotify
Iterator failure issue in the WantAgent module.
Impact: Successful exploitation of this vulnerability may cause memory release failures.
๐@cveNotify
๐จ CVE-2025-54626
Pointer dangling vulnerability in the cjwindow module.
Impact: Successful exploitation of this vulnerability may affect function stability.
๐@cveNotify
Pointer dangling vulnerability in the cjwindow module.
Impact: Successful exploitation of this vulnerability may affect function stability.
๐@cveNotify
๐จ CVE-2025-54629
Race condition issue occurring in the physical page import process of the memory management module.
Impact: Successful exploitation of this vulnerability may affect service integrity.
๐@cveNotify
Race condition issue occurring in the physical page import process of the memory management module.
Impact: Successful exploitation of this vulnerability may affect service integrity.
๐@cveNotify