
Overview

  • c-ares
  • c-ares

08 Apr 2025
Published
08 Apr 2025
Updated

CVSS v4.0
HIGH (8.3)
EPSS
0.11%

KEV

Description

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory, a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions; this has been untested. Otherwise, only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected: OS layer security mitigations: CVE-2025-31498, CVE-2024-48615, CVE-2016-1585

Overview

  • AppArmor
  • apparmor

22 Apr 2019
Published
16 Sep 2024
Updated

CVSS v3.0
LOW (3.9)
EPSS
0.08%

KEV

Description

In all versions of AppArmor, mount rules are accidentally widened when compiled.

Statistics

  • 1 Post

Last activity: 2 hours ago


Overview

  • Pending

28 Mar 2025
Published
01 Apr 2025
Updated

CVSS
Pending
EPSS
0.08%

KEV

Description

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at archive_read_support_format_tar.c:1844:8.

Statistics

  • 1 Post

Last activity: 2 hours ago


Overview

  • Qix-
  • color-string

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
HIGH (8.8)
EPSS
Pending

KEV

Description

color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt. The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. npm removed the offending package from the registry over the course of the day on 8 September. On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached. This issue has been resolved in 2.1.2.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 4 hours ago

Overview

  • Qix-
  • color-convert

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
HIGH (8.8)
EPSS
Pending

KEV

Description

color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt. The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper. On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached. Users should update to the latest patch version, completely remove their node_modules directory, clean their package manager's global cache, and rebuild any browser bundles from scratch. Those operating private registries or registry mirrors should purge the offending versions from any caches. This issue is resolved in 3.1.2.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 4 hours ago

Overview

  • Tenda
  • AC9

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.09%

KEV

Description

A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Overview

  • Qix-
  • color

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
HIGH (8.8)
EPSS
Pending

KEV

Description

color is a JavaScript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt. The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper. On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached. Users should update to the latest patch version, completely remove their node_modules directory, clean their package manager's global cache, and rebuild any browser bundles from scratch. Those operating private registries or registry mirrors should purge the offending versions from any caches. This issue has been resolved in 5.0.2.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 4 hours ago

Overview

  • debug-js
  • debug

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
HIGH (8.8)
EPSS
Pending

KEV

Description

debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt. The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper. On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached. Users should upgrade to the latest patch version, completely remove their node_modules directory, clean their package manager's global cache, and rebuild any browser bundles from scratch. Those operating private registries or registry mirrors should purge the offending versions from any caches. This issue has been resolved in 4.4.3.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 4 hours ago

Overview

  • D-Link
  • DI-8100

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.54%

KEV

Description

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Overview

  • Pending

10 Sep 2025
Published
10 Sep 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago